CVE-2011-2010

Published: Dec 14, 2011Modified: Apr 29, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."

Affected (6)

Products: Microsoft: Pinyin Ime, Pinyin New Experience Style, Pinyin Simple Fast Style

Microsoft

3 products

Pinyin Ime

Pinyin New Experience Style

Pinyin Simple Fast Style

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Microsoft Pinyin Ime	Version 2010
Microsoft Pinyin Ime	Version 2010
Microsoft Pinyin New Experience Style	Version 2010
Microsoft Pinyin New Experience Style	Version 2010
Microsoft Pinyin Simple Fast Style	Version 2010
Microsoft Pinyin Simple Fast Style	Version 2010

Related CWEs

CWE-264

References (4)

http://www.us-cert.gov/cas/techalerts/TA11-347A.html

Source: secure@microsoft.com

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA11-347A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.