MS13-075: Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)
Medium Nessus Plugin ID 69927
SynopsisThe version of Microsoft Office installed on the remote Windows host has a privilege escalation vulnerability.
DescriptionThe version of Microsoft Office Input Method Editor (Chinese) installed on the remote host has a privilege escalation vulnerability. A local attacker could exploit this by utilizing the MSPY IME toolbar in an unspecified manner, resulting in arbitrary code execution in kernel mode.
SolutionMicrosoft has released a set of patches for Pinyin IME 2010.