CVE-2011-2010

Summary

CVE	CVE-2011-2010
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2011-12-14 00:55:00 UTC
Updated	2018-10-12 22:01:00 UTC
Description	The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."

Risk And Classification

Problem Types: CWE-264

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Microsoft	Pinyin Ime	2010	All	x64	All
Application	Microsoft	Pinyin Ime	2010	All	x86	All
Application	Microsoft	Pinyin Ime	2010	All	x64	All
Application	Microsoft	Pinyin Ime	2010	All	x86	All
Application	Microsoft	Pinyin New Experience Style	2010	All	x64	All
Application	Microsoft	Pinyin New Experience Style	2010	All	x86	All
Application	Microsoft	Pinyin New Experience Style	2010	All	x64	All
Application	Microsoft	Pinyin New Experience Style	2010	All	x86	All
Application	Microsoft	Pinyin Simple Fast Style	2010	All	x64	All
Application	Microsoft	Pinyin Simple Fast Style	2010	All	x86	All
Application	Microsoft	Pinyin Simple Fast Style	2010	All	x64	All
Application	Microsoft	Pinyin Simple Fast Style	2010	All	x86	All

References

Reference	Source	Link	Tags
US-CERT Technical Cyber Security Alert TA11-347A -- Microsoft Updates for Multiple Vulnerabilities	CERT	www.us-cert.gov	US Government Resource
Microsoft Security Bulletin MS11-088 - Important \| Microsoft Docs	MS	docs.microsoft.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.