MS11-088: Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

The version of Microsoft Office installed on the remote Windows host
has a privilege escalation vulnerability.

Description :

The version of Microsoft Office Input Method Editor (Chinese)
installed on the remote host has a privilege escalation vulnerability.
A local attacker could exploit this by utilizing the MSPY IME toolbar
in an unspecified manner, resulting in arbitrary code execution in
kernel mode.

See also :

Solution :

Microsoft has released a set of patches for Pinyin IME 2010, Office
Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 5.3
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 57274 ()

Bugtraq ID: 50950

CVE ID: CVE-2011-2010

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial