CVE-2013-3859

Severity

69%

Complexity

34%

Confidentiality

165%

Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."

CVSS 2.0 Base Score 6.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Microsoft

First reported 11 years ago

2013-09-11 14:03:00

Last updated 6 years ago

2018-10-12 22:05:00

Affected Software

Microsoft Office 2010 Service Pack 1

2010

Microsoft Office 2010 Service Pack 1 for 64 bit systems (x64)

2010

Microsoft Office 2010 for x86 (32-bit Systems) Service Pack 1

2010

Microsoft Pinyin IME 2010 x64 (64-bit)

2010

Microsoft Pinyin IME 2010 x86 (32-bit)

2010

x86

References

TA13-253A

US Government Resource

MS13-075

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2013-3859

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

Type

First reported 11 years ago

Last updated 6 years ago

Affected Software

Microsoft Office 2010 Service Pack 1

Microsoft Office 2010 Service Pack 1 for 64 bit systems (x64)

Microsoft Office 2010 for x86 (32-bit Systems) Service Pack 1

Microsoft Pinyin IME 2010 x64 (64-bit)

Microsoft Pinyin IME 2010 x86 (32-bit)

References

TA13-253A

MS13-075

Stay updated

Get in touch