CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2011-2010
https://notcve.org/view.php?id=CVE-2011-2010
The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability." Microsoft Office Input Method Editor (IME) de chino simplificado de Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, y Office Pinyin New Experience Style 2010 no restringe el acceso a las opciones de configuración, lo que permite a usuarios locales escalar privilegios a través de la barra de herramientas IME Microsoft Pinyin (MSPY). También conocido como "Vulnerabilidad de elevación de privilegios IME Pinyin". • http://www.us-cert.gov/cas/techalerts/TA11-347A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088 • CWE-264: Permissions, Privileges, and Access Controls •