CVE-2011-2010External Control of File Name or Path in Microsoft Pinyin IME

CWE-264CWE-73External Control of File Name or PathCWE-22Path Traversal48 documents6 sources
Severity
7.2HIGHNVD
EPSS
0.5%
top 33.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Pinyin IMEMicrosoft Pinyin NEW Experience StyleMicrosoft Pinyin Simple Fast Style
Timeline
PublishedDec 14
Latest updateMay 14

Description

The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-v9hv-xmm8-5vcw: The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pi2022-05-14
CVEList
CVE-2011-2010: The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pi2011-12-14

💥Exploits & PoCs

11
Exploit-DB
JBoss & JMX Console - Misconfigured Deployment Scanner2011-10-03
Exploit-DB
SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)2011-09-20
Exploit-DB
Microsoft Office 2010 - '.RTF' Header Stack Overflow2011-07-03
Exploit-DB
HP OpenView Network Node Manager (OV NNM) - 'getnnmdata.exe Hostname' CGI Buffer Overflow (Metasploit)2011-03-25
Exploit-DB
HP OpenView Network Node Manager (OV NNM) - 'snmpviewer.exe' Remote Buffer Overflow (Metasploit)2011-03-23

📋Vendor Advisories

11
Red Hat
Invoker servlets authentication bypass (HTTP verb tampering)2011-11-16
Red Hat
cifs-utils: mount.cifs incorrect fix for CVE-2010-05472011-07-29
Red Hat
kernel: inet_diag: insufficient validation2011-06-01
Red Hat
Gimp: Incomplete fix for CVE-2010-4543 PSP plug-in heap overflow issue2011-05-23
Red Hat
kdenetwork: incomplete fix for CVE-2010-10002011-04-11

💬Community

12
Bugzilla
CVE-2010-4563 kernel: ipv6: sniffer detection2012-02-09
Bugzilla
CVE-2011-2999 Mozilla: XSS via plugins and shadowed window.location object (MFSA 2011-38)2011-09-28
Bugzilla
CVE-2010-4819 X.org: ProcRenderAddGlyphs input sanitization flaw2011-09-23
Bugzilla
CVE-2010-4451 JDK unspecified vulnerability in Install component2011-02-16
Bugzilla
CVE-2010-4447 JDK unspecified vulnerability in Deployment component2011-02-16
CVE-2011-2010 — External Control of File Name or Path | cvebase