Vulnerabilities > CVE-2014-4077 - Unspecified vulnerability in Microsoft products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 6 | |
Application | 1 |
Msbulletin
bulletin_id | MS14-078 |
bulletin_url | |
date | 2014-11-11T00:00:00 |
impact | Elevation of Privilege |
knowledgebase_id | 2992719 |
knowledgebase_url | |
severity | Moderate |
title | Vulnerability in IME (Japanese) Could Allow Elevation of Privilege |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS14-078.NASL |
description | The remote Windows host is affected by a privilege escalation vulnerability in the Microsoft Input Method Editor (IME) (Japanese) component that is triggered when loading dictionary files. An attacker can exploit this vulnerability by convincing a user to open a specially crafted file, resulting in a sandbox escape and an escalation of privileges in the context of the current user. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 79137 |
published | 2014-11-12 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/79137 |
title | MS14-078: Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (2992719) |
References
- http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx
- http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx
- http://www.securitytracker.com/id/1031196
- http://www.securitytracker.com/id/1031196
- http://www.securitytracker.com/id/1031197
- http://www.securitytracker.com/id/1031197
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-078
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-078