Vigil@nce - Microsoft Office: privilege escalation via Pinyin IME
September 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
On a Chinese system, a local attacker can use Pinyin IME of Microsoft Office, in order to escalate his privileges.
Impacted products: Office, Access, Excel, InfoPath, OneNote,
Outlook, PowerPoint, Project, Publisher, Visio, Word
Creation date: 10/09/2013
DESCRIPTION OF THE VULNERABILITY
When Microsoft Office 2010 is installed on a Chinese system, Microsoft Pinyin IME 2010 is enabled, in order to help users to enter special characters.
However, the IME toolbar can be used to start Internet Explorer with system privileges.
On a Chinese system, a local attacker can therefore use Pinyin IME of Microsoft Office, in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN