CVE-2014-4077
published 2014-11-11


Priority: P279 high
CVSS 3.1: 7.8 (AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H)
KEV: CISA Known Exploited Vulnerability, due 2022-06-15
ITW: Exploited in the wild
EPSS: 47.68% (98.7th percentile)
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office_2007_ime | | |
| microsoft | windows_server_2008 | | |

Detection & IOCs (extracted from sources)

  • Presence of IMJPDCT.EXE (IME for Japanese) on the system is a prerequisite for exploitation; detect its installation as an attack surface indicator
  • Monitor for sandbox escape activity (privilege escalation) originating from PDF reader processes on systems where IMJPDCT.EXE is installed
  • Inspect PDF documents delivered to users on affected Windows platforms (Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3) for crafted/malicious content triggering IME interaction
  • Vulnerability is only exploitable when IMJPDCT.EXE (IME for Japanese) is installed; systems without this component are not affected even if running an otherwise vulnerable OS/Office version
  • IME Japanese is included by default on Windows but is disabled by default; the attack surface exists only when it has been explicitly enabled or installed

CVSS provenance

nvd v3.1: 7.8 HIGH (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
nvd v2.0: 9.3 CRITICAL (AV:N/AC:M/Au:N/C:C/I:C/A:C)
vulncheck: 7.8 HIGH
cisa: 7.8 HIGH