MS13-075 - Important: Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of...

[Guest Microsoft Security]

Severity Rating: Important

Revision Note: V1.1 (December 18, 2013): Clarified that only implementations of Microsoft Pinyin IME 2010 are affected by the vulnerability. However, this update may be offered to systems with a non-vulnerable IME. This helps to maintain consistency for shared files across Office products. For more information, see the Update FAQ.

Summary: This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged on attacker launches Internet Explorer from the toolbar in Microsoft Pinyin IME for Simplified Chinese. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.

 

Source: Microsoft Security Bulletins