CVE-2011-2010

The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.us-cert.gov/cas/techalerts/TA11-347A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088
http://www.us-cert.gov/cas/techalerts/TA11-347A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:pinyin_ime:2010::x64:::::
	cpe:2.3:a:microsoft:pinyin_ime:2010::x86:::::
	cpe:2.3:a:microsoft:pinyin_new_experience_style:2010::x64:::::
	cpe:2.3:a:microsoft:pinyin_new_experience_style:2010::x86:::::
	cpe:2.3:a:microsoft:pinyin_simple_fast_style:2010::x64:::::
	cpe:2.3:a:microsoft:pinyin_simple_fast_style:2010::x86:::::

History

21 Nov 2024, 01:27

Type	Values Removed	Values Added
References	~~() http://www.us-cert.gov/cas/techalerts/TA11-347A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA11-347A.html - US Government Resource
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088 -

Information

Published : 2011-12-14 00:55

Updated : 2024-11-21 01:27

NVD link : CVE-2011-2010

Mitre link : CVE-2011-2010

CVE.ORG link : CVE-2011-2010

JSON object : View

Products Affected

microsoft

pinyin_new_experience_style
pinyin_simple_fast_style
pinyin_ime

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2011-2010", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-12-14T00:55:01.247", "references": [{"url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka \"Pinyin IME Elevation Vulnerability.\""}, {"lang": "es", "value": "Microsoft Office Input Method Editor (IME) de chino simplificado de Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, y Office Pinyin New Experience Style 2010 no restringe el acceso a las opciones de configuraci\u00f3n, lo que permite a usuarios locales escalar privilegios a trav\u00e9s de la barra de herramientas IME Microsoft Pinyin (MSPY). Tambi\u00e9n conocido como \"Vulnerabilidad de elevaci\u00f3n de privilegios IME Pinyin\"."}], "lastModified": "2024-11-21T01:27:28.723", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:pinyin_ime:2010:*:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB80EE2F-80F3-4844-B4E4-F3845F0E82D3"}, {"criteria": "cpe:2.3:a:microsoft:pinyin_ime:2010:*:x86:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E972A8E-2297-4185-8FBA-5F7F16E8585E"}, {"criteria": "cpe:2.3:a:microsoft:pinyin_new_experience_style:2010:*:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D438487-AC20-4747-AC5F-A2CDB8E3C9DD"}, {"criteria": "cpe:2.3:a:microsoft:pinyin_new_experience_style:2010:*:x86:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF755F02-4D28-473D-8694-575C48D5B325"}, {"criteria": "cpe:2.3:a:microsoft:pinyin_simple_fast_style:2010:*:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BE7C859-48F5-4978-8E90-88100075F8C6"}, {"criteria": "cpe:2.3:a:microsoft:pinyin_simple_fast_style:2010:*:x86:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD10C2F4-D8C5-4BB9-9968-2307845E2179"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}