CVE-2013-3859

Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.us-cert.gov/ncas/alerts/TA13-253A	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-075
http://www.us-cert.gov/ncas/alerts/TA13-253A	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-075

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:office:2010:sp1::::::
	cpe:2.3:a:microsoft:office:2010:sp1:x64:::::*
	cpe:2.3:a:microsoft:office:2010:sp1:x86:::::*
	cpe:2.3:a:microsoft:pinyin_ime:2010::::::x64:
	cpe:2.3:a:microsoft:pinyin_ime:2010:::::x86::

History

21 Nov 2024, 01:54

Type	Values Removed	Values Added
References	~~() http://www.us-cert.gov/ncas/alerts/TA13-253A - US Government Resource~~	() http://www.us-cert.gov/ncas/alerts/TA13-253A - US Government Resource
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-075 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-075 -

Information

Published : 2013-09-11 14:03

Updated : 2024-11-21 01:54

NVD link : CVE-2013-3859

Mitre link : CVE-2013-3859

CVE.ORG link : CVE-2013-3859

JSON object : View

Products Affected

microsoft

office
pinyin_ime

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-3859", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-09-11T14:03:48.307", "references": [{"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-075", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-075", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka \"Chinese IME Vulnerability.\""}, {"lang": "es", "value": "Microsoft Pinyin IME 2010, cuando es utilizado en conjunto con Microsoft Office 2010 SP1, no restringe las opciones de configuraci\u00f3n apropiadamente, lo que permite a usuarios locales conseguir privilegios arrancando Internet Explorer desde la barra de herramientas IME, tambien conocido como \"Vulnerabilidad IME Chino\"."}], "lastModified": "2024-11-21T01:54:26.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9932C177-FCBB-4AD1-A42A-1FAB28F392F3"}, {"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8239CEF1-BD02-4ACE-A0C2-75A9EAA15914"}, {"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x86:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8383FADC-9391-4570-AAF9-92A952A4F04F"}, {"criteria": "cpe:2.3:a:microsoft:pinyin_ime:2010:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "81AA94DF-177C-430E-B260-E425F9B2811A"}, {"criteria": "cpe:2.3:a:microsoft:pinyin_ime:2010:*:*:*:*:x86:*:*", "vulnerable": true, "matchCriteriaId": "62964888-CBEB-4A3B-ADBD-07428A1CD2CC"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}