CVE-2014-4077

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server versions 2003 SP2 through 2008 SP2 and R2 SP1 Microsoft Windows Vista version SP2 Microsoft Windows 7 version SP1 Microsoft Office version 2007 SP3

Description The issue is related to the Input Method Editor (IME) component for Japanese in Windows operating systems, which has insufficient access restrictions. This allows a remote attacker to bypass sandbox protection mechanisms via a crafted PDF document, potentially leading to elevation of privilege. The vulnerability has been exploited in the wild in 2014. An attacker who successfully exploits this vulnerability could compromise the sandbox of a vulnerable application and gain access to the affected system with the rights of the logged-on user.

Recommendations For Microsoft Windows Server 2003 SP2, update to a version that includes the fix for this issue. For Microsoft Windows Vista SP2, update to a version that includes the fix for this issue. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a version that includes the fix for this issue. For Microsoft Windows 7 SP1, update to a version that includes the fix for this issue. For Microsoft Office 2007 SP3, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the IMJPDCT.EXE component until a patch is available.