CVE-2014-4077
published 2014-11-11CVE-2014-4077: Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for…
PriorityP279high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-06-15
Exploited in the wild
EPSS
47.68%
98.7th percentile
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office_2007_ime | — | — |
| microsoft | windows_server_2008 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Presence of IMJPDCT.EXE (IME for Japanese) on the system is a prerequisite for exploitation; detect its installation as an attack surface indicator ↗
- →Monitor for sandbox escape activity (privilege escalation) originating from PDF reader processes on systems where IMJPDCT.EXE is installed ↗
- →Inspect PDF documents delivered to users on affected Windows platforms (Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3) for crafted/malicious content triggering IME interaction ↗
- ·Vulnerability is only exploitable when IMJPDCT.EXE (IME for Japanese) is installed; systems without this component are not affected even if running an otherwise vulnerable OS/Office version ↗
- ·IME Japanese is included by default on Windows but is disabled by default; the attack surface exists only when it has been explicitly enabled or installed ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck7.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Microsoft IME Japanese Privilege Escalation Vulnerability
cisa·2022-05-25·CVSS 7.8
CVE-2014-4077 [HIGH] CWE-264 Microsoft IME Japanese Privilege Escalation Vulnerability
Vulnerability: Microsoft IME Japanese Privilege Escalation Vulnerability
Affected: Microsoft Input Method Editor (IME) Japanese
Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as disabled). IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE (IME for Japanese) is installed which allows attackers to bypass a sandbox and perform privilege escalation.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2014-4077
Remediation Due Date: 2022-06-15
GHSA
GHSA-5rf9-j2cv-922c: Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT
ghsa_unreviewed·2022-05-14
CVE-2014-4077 [HIGH] GHSA-5rf9-j2cv-922c: Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.
VulnCheck
Microsoft IME Japanese Privilege Escalation Vulnerability
vulncheck·2014·CVSS 7.8
CVE-2014-4077 [HIGH] CWE-264 Microsoft IME Japanese Privilege Escalation Vulnerability
Microsoft IME Japanese Privilege Escalation Vulnerability
Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as disabled). IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE (IME for Japanese) is installed which allows attackers to bypass a sandbox and perform privilege escalation.
Affected: Microsoft Input Method Editor (IME) Japanese
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cve.org/CVERecord?id=CVE-2014-4077; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Du
No detection rules found.
No public exploits indexed.
Talos
Microsoft Update Tuesday November 2014: Fixes for 3 0-day
Vulnerabilities
blogs_talos·2014-11-11·CVSS 7.8
[HIGH] Microsoft Update Tuesday November 2014: Fixes for 3 0-day
Vulnerabilities
## Microsoft Update Tuesday November 2014: Fixes for 3 0-day
Vulnerabilities
This month Microsoft is releasing 14 security bulletins. Originally they had planned to release 16, but due to issues that emerged in late testing, two bulletins that were announced in the Advance Security Notification, MS14-068 and MS14-075, have been postponed. Of the 14 bulletins, four are considered critical, eight are important, while two are moderate. They cover a total of 33 CVEs.
We’ll start off with the four critical bulletins, for a total of 21 CVEs that can result in remote code execution:
Our first bulletin of the month is MS14-064 and fixes two vulnerabilities ( CVE-2014-6332 , CVE-2014-6352 ) in Windows Object Linking and Embedding (OLE) that could allow remote code execution. Both issues are seei
Talos
Microsoft Update Tuesday November 2014: Fixes for 3 0-day
Vulnerabilities
blogs_talos·2014-11-11·CVSS 7.8
[HIGH] Microsoft Update Tuesday November 2014: Fixes for 3 0-day
Vulnerabilities
This month Microsoft is releasing 14 security bulletins. Originally they had planned to release 16, but due to issues that emerged in late testing, two bulletins that were announced in the Advance Security Notification, MS14-068 and MS14-075, have been postponed. Of the 14 bulletins, four are considered critical, eight are important, while two are moderate. They cover a total of 33 CVEs.
We’ll start off with the four critical bulletins, for a total of 21 CVEs that can result in remote code execution:
Our first bulletin of the month is MS14-064 and fixes two vulnerabilities (CVE-2014-6332, CVE-2014-6352) in Windows Object Linking and Embedding (OLE) that could allow remote code execution. Both issues are seeing attack in the wild and can be considered 0-days. CVE-2014-6352 is a vulnerabil
http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspxhttp://www.securitytracker.com/id/1031196http://www.securitytracker.com/id/1031197https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-078http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspxhttp://www.securitytracker.com/id/1031196http://www.securitytracker.com/id/1031197https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-078https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-4077
2014-11-11
Published
2022-05-25
Added to CISA KEV
Exploited in the wild