Vigil@nce - Microsoft Office: privilege escalation via Pinyin IME
September 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
On a Chinese system, a local attacker can use Pinyin IME of
Microsoft Office, in order to escalate his privileges.
– Impacted products: Office, Access, Excel, InfoPath, OneNote,
Outlook, PowerPoint, Project, Publisher, Visio, Word
– Severity: 2/4
– Creation date: 10/09/2013
DESCRIPTION OF THE VULNERABILITY
When Microsoft Office 2010 is installed on a Chinese system,
Microsoft Pinyin IME 2010 is enabled, in order to help users to
enter special characters.
However, the IME toolbar can be used to start Internet Explorer
with system privileges.
On a Chinese system, a local attacker can therefore use Pinyin IME
of Microsoft Office, in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Microsoft-Office-privilege-escalation-via-Pinyin-IME-13405