MS11-088: Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)
High Nessus Plugin ID 57274
SynopsisThe version of Microsoft Office installed on the remote Windows host has a privilege escalation vulnerability.
DescriptionThe version of Microsoft Office Input Method Editor (Chinese) installed on the remote host has a privilege escalation vulnerability.
A local attacker could exploit this by utilizing the MSPY IME toolbar in an unspecified manner, resulting in arbitrary code execution in kernel mode.
SolutionMicrosoft has released a set of patches for Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010.