SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Microsoft Office Vendors:   Microsoft
Microsoft Office IME Sandbox Bypass Flaw Lets Remote Users Gain Elevated Privileges
SecurityTracker Alert ID:  1031197
SecurityTracker URL:  http://securitytracker.com/id/1031197
CVE Reference:   CVE-2014-4077   (Links to External Site)
Date:  Nov 11 2014
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2007 IME (Japanese)
Description:   A vulnerability was reported in Microsoft Office IME (Japanese). A remote user can bypass sandbox restrictions to gain elevated privileges.

A remote user can create a specially crafted file that, when loaded by the target user, will bypass the application sandbox and gain elevated privileges.

Vitaly Kamluk and Costin Raiu of Kaspersky Lab reported this vulnerability.

Impact:   A remote user can create a file that, when loaded by the target user, will bypass sandbox restrictions to gain elevated privileges.
Solution:   The vendor has issued the following fix:

Microsoft Office 2007 IME (Japanese):

http://www.microsoft.com/downloads/details.aspx?familyid=5e654593-16b0-4556-ab52-887df754979f

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms14-078

Vendor URL:  technet.microsoft.com/library/security/ms14-078 (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC