CVE-2013-3859

Published: Sep 11, 2013Modified: Apr 29, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."

Affected (5)

Products: Microsoft: Office, Pinyin Ime

Microsoft

2 products

Office

Pinyin Ime

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office	Version 2010 sp1
Microsoft Office	Version 2010 sp1
Microsoft Office	Version 2010 sp1
Microsoft Pinyin Ime	Version 2010
Microsoft Pinyin Ime	Version 2010

Related CWEs

CWE-264

References (4)

http://www.us-cert.gov/ncas/alerts/TA13-253A

Source: secure@microsoft.com

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-075

Source: secure@microsoft.com

http://www.us-cert.gov/ncas/alerts/TA13-253A

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-075

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.