CVE-2014-4077

high

Microsoft ⚠️ CISA KEV — Exploited in the Wild

CVSS v3 Base Score

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

50.8%

Exploitation probability in 30 days

Top 2% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Confidentiality

High

Integrity

High

Availability

High

Published: November 11, 2014 (4202 days ago)

Last Modified: April 22, 2026

Vendor: Microsoft

Source: NVD

⚠️ CISA Known Exploited Vulnerability

Added to KEV: 2022-05-25

Remediation Due: 2022-06-15 (⚠ 1430d overdue)

Description

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.

CWE

NVD-CWE-noinfo

Affected Products

microsoft office 2007 imemicrosoft windows 7microsoft windows server 2003microsoft windows server 2008microsoft windows vista

References

🔗 blogs.technet.com 🔗 www.securitytracker.com 🔗 www.securitytracker.com 🔗 docs.microsoft.com 🔗 blogs.technet.com

CVE-2014-4077

⚠️ CISA Known Exploited Vulnerability

Vulnerability Report

Description

CWE

Affected Products

References