{"api_version":"1","generated_at":"2026-04-23T12:32:33+00:00","cve":"CVE-2013-3859","urls":{"html":"https://cve.report/CVE-2013-3859","api":"https://cve.report/api/cve/CVE-2013-3859.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-3859","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-3859"},"summary":{"title":"CVE-2013-3859","description":"Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka \"Chinese IME Vulnerability.\"","state":"PUBLIC","assigner":"secure@microsoft.com","published_at":"2013-09-11 14:03:00","updated_at":"2018-10-12 22:05:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://www.us-cert.gov/ncas/alerts/TA13-253A","name":"TA13-253A","refsource":"CERT","tags":["US Government Resource"],"title":"Microsoft Updates for Multiple Vulnerabilities | US-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-075","name":"MS13-075","refsource":"MS","tags":[],"title":"Microsoft Security Bulletin MS13-075 - Important | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-3859","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3859","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"3859","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2010","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3859","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2010","cpe7":"sp1","cpe8":"x64","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3859","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2010","cpe7":"sp1","cpe8":"x86","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3859","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2010","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3859","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2010","cpe7":"sp1","cpe8":"x64","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3859","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2010","cpe7":"sp1","cpe8":"x86","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3859","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"pinyin_ime","cpe6":"2010","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2013","cve_id":"3859","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"pinyin_ime","cpe6":"2010","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"x86","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3859","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"pinyin_ime","cpe6":"2010","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2013","cve_id":"3859","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"pinyin_ime","cpe6":"2010","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"x86","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2013-3859","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka \"Chinese IME Vulnerability.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"MS13-075","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-075"},{"name":"TA13-253A","refsource":"CERT","url":"http://www.us-cert.gov/ncas/alerts/TA13-253A"}]}},"nvd":{"publishedDate":"2013-09-11 14:03:00","lastModifiedDate":"2018-10-12 22:05:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":6.9},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:pinyin_ime:2010:*:*:*:*:x86:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:office:2010:sp1:x86:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:pinyin_ime:2010:*:*:*:*:*:x64:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"3859","Ordinal":"63518","Title":"CVE-2013-3859","CVE":"CVE-2013-3859","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"3859","Ordinal":"1","NoteData":"Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka \"Chinese IME Vulnerability.\"","Type":"Description","Title":null},{"CveYear":"2013","CveId":"3859","Ordinal":"2","NoteData":"2013-09-11","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"3859","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}