MS14-078: Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (2992719)
High Nessus Plugin ID 79137
SynopsisThe remote Windows host is affected by a privilege escalation vulnerability.
DescriptionThe remote Windows host is affected by a privilege escalation vulnerability in the Microsoft Input Method Editor (IME) (Japanese) component that is triggered when loading dictionary files. An attacker can exploit this vulnerability by convincing a user to open a specially crafted file, resulting in a sandbox escape and an escalation of privileges in the context of the current user.
SolutionMicrosoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, and Office 2007 SP3.