MS13-075:Microsoft Office IME (中国語版) の脆弱性により、特権が昇格される (2878687)
2013年10月9日
危険度: : 高
CVE識別番号: CVE-2013-3859
概要
This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged on attacker launches Internet Explorer from the toolbar in Microsoft Pinyin IME for Simplified Chinese. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.
トレンドマイクロの対策
詳しい情報については以下のサイトをご参照ください。
対応方法
影響を受けるソフトウェア
- Microsoft Pinyin IME 2010 (32-bit version)
- Microsoft Pinyin IME 2010 (64-bit version)