CVE-2013-3859 — Microsoft Office vulnerability

CWE-2643 documents3 sources
Severity
6.9MEDIUMNVD
EPSS
0.5%
top 35.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft OfficeMicrosoft Pinyin IME
Timeline
PublishedSep 11
Latest updateMay 14

Description

Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

â–¶NVDmicrosoft/office2010
â–¶NVDmicrosoft/pinyin_ime2010

🔴Vulnerability Details

2
GHSA
GHSA-8xr3-v8m4-mq8p: Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows loc↗2022-05-14
â–¶
CVEList
CVE-2013-3859: Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows loc↗2013-09-11
â–¶
CVE-2013-3859 — Microsoft Office vulnerability | cvebase