CVE-2011-2010

CVE Database · CVE-2011-2010

CVE-2011-2010

· N/AModified

CVSS v3.1

N/A

EPSS

1.80%

Published

Dec 13, 2011

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."

Weaknesses (CWE)

CWE-264

Affected Products (6)

microsoft · pinyin_imevulnerable

microsoft · pinyin_new_experience_stylevulnerable

microsoft · pinyin_simple_fast_stylevulnerable

References (4)

http://www.us-cert.gov/cas/techalerts/TA11-347A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088

http://www.us-cert.gov/cas/techalerts/TA11-347A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-088

KEV Catalog EPSS Scores Vendors All CVEs