PT-2013-4693 · Microsoft · Office 2010 Sp1+2

Wei Wang

Published

2013-09-11

Updated

2018-10-12

CVE-2013-3859

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Pinyin IME 2010 Microsoft Office 2010 SP1

Description The issue arises when Microsoft Pinyin IME 2010 is used with Microsoft Office 2010 SP1, as it fails to properly restrict configuration options. This allows local users to gain privileges by starting Internet Explorer from the IME toolbar.

Recommendations For Microsoft Pinyin IME 2010, avoid starting Internet Explorer from the IME toolbar until a fix is available. For Microsoft Office 2010 SP1, restrict the use of the IME toolbar in conjunction with Internet Explorer to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2013-3859

Affected Products

Internet Explorer

Office 2010 Sp1

Pinyin Ime 2010

PT-2013-4693 · Microsoft · Office 2010 Sp1+2

CVE-2013-3859

Weakness Enumeration

Related Identifiers

Affected Products

References · 3