CVE-2013-3859

medium

Microsoft

CVSS v3 Base Score

6.9

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Score

0.5%

Exploitation probability in 30 days

Top 36% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Confidentiality

Integrity

Availability

Published: September 11, 2013 (4628 days ago)

Last Modified: April 29, 2026

Vendor: Microsoft

Source: NVD

Description

Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."

CWE

CWE-264

Affected Products

microsoft officemicrosoft pinyin ime

References

🔗 www.us-cert.gov 🔗 docs.microsoft.com 🔗 www.us-cert.gov 🔗 docs.microsoft.com

CVE-2013-3859

Vulnerability Report

Description

CWE

Affected Products

References