Microsoft Input Method Editor (IME) For Japanese Remote Privilege Escalation Vulnerabilities
Summary
Credit:
The information has been provided by Vitaly Kamluk and Costin Raiu of Kaspersky Lab.
Details
Vulnerable Systems:
* Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3
Microsoft Input Method Editor (IMEs) for Japanese is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain escalated privileges within the context of the logged in user.
CVE Information:
CVE-2014-4077
Disclosure Timeline:
Original release date: 11/11/2014
Last revised: 12/31/2014