CVE-2011-2010

high

Microsoft

CVSS v3 Base Score

7.2

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Score

0.5%

Exploitation probability in 30 days

Top 34% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: December 14, 2011 (5266 days ago)

Last Modified: April 29, 2026

Vendor: Microsoft

Source: NVD

Description

The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."

CWE

CWE-264

Affected Products

microsoft pinyin imemicrosoft pinyin new experience stylemicrosoft pinyin simple fast style

References

🔗 www.us-cert.gov 🔗 docs.microsoft.com 🔗 www.us-cert.gov 🔗 docs.microsoft.com

CVE-2011-2010

Vulnerability Report

Description

CWE

Affected Products

References