MS11-088: Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)

high Nessus Plugin ID 57274

Synopsis

The version of Microsoft Office installed on the remote Windows host has a privilege escalation vulnerability.

Description

The version of Microsoft Office Input Method Editor (Chinese) installed on the remote host has a privilege escalation vulnerability.
A local attacker could exploit this by utilizing the MSPY IME toolbar in an unspecified manner, resulting in arbitrary code execution in kernel mode.

Solution

Microsoft has released a set of patches for Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-088

Plugin Details

Severity: High

ID: 57274

File Name: smb_nt_ms11-088.nasl

Version: 1.15

Type: local

Agent: windows

Published: 12/13/2011

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:microsoft:pinyin_simple_fast_style, cpe:/a:microsoft:office

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 12/13/2011

Vulnerability Publication Date: 12/13/2011

Reference Information

CVE: CVE-2011-2010

BID: 50950

IAVB: 2011-B-0146

MSFT: MS11-088

MSKB: 2596511, 2647540