CERTA-2011-AVI-685

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité permettant à un utilisateur malintentionné d'élever ses privilèges est présente dans Microsoft Office IME.

Description

Une vulnérabilité non spécifiée est présente dans Microsoft Office IME. Elle affecte les versions de Microsoft Office ayant une version vulnérable du composant Microsoft Pinyin Input Method Editor pour Chinois Simplifié d'installée. Elle peut être déclenchée grâce à une suite d'actions spécifiques et conduire à une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Microsoft Office Microsoft Office 2010 et Microsoft Office 2010 Service Pack 1 en versions 64 bits ;
Microsoft Office Microsoft Office 2010 et Microsoft Office 2010 Service Pack 1 en versions 32 bits ;
Microsoft Office Microsoft Office Pinyin SimpleFast Style 2010 et Microsoft Office Pinyin New Experience Style 2010 en versions 32 bits ;
Microsoft Office Microsoft Office Pinyin SimpleFast Style 2010 et Microsoft Office Pinyin New Experience Style 2010 en versions 64 bits.
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office 2010 et Microsoft Office 2010 Service Pack 1 en versions 64 bits ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 et Microsoft Office 2010 Service Pack 1 en versions 32 bits ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Pinyin SimpleFast Style 2010 et Microsoft Office Pinyin New Experience Style 2010 en versions 32 bits ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Pinyin SimpleFast Style 2010 et Microsoft Office Pinyin New Experience Style 2010 en versions 64 bits.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 non sp\u00e9cifi\u00e9e est pr\u00e9sente dans Microsoft Office IME.\nElle affecte les versions de Microsoft Office ayant une version\nvuln\u00e9rable du composant Microsoft Pinyin Input Method Editor pour\nChinois Simplifi\u00e9 d\u0027install\u00e9e. Elle peut \u00eatre d\u00e9clench\u00e9e gr\u00e2ce \u00e0 une\nsuite d\u0027actions sp\u00e9cifiques et conduire \u00e0 une \u00e9l\u00e9vation de privil\u00e8ges.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2010"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-685",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permettant \u00e0 un utilisateur malintentionn\u00e9 d\u0027\u00e9lever\nses privil\u00e8ges est pr\u00e9sente dans Microsoft Office IME.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-088 du 13 d\u00e9cembre 2011",
      "url": "http://technet.microsoft.com/en-us/security/bulletin/MS11-088"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.