Vigil@nce - Office 2007: privilege escalation via IME Japanese
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a vulnerability of the IME Japanese of Office
2007, in order to escalate his privileges.
Impacted products: Office, Access, Office Communicator, Excel,
InfoPath, OneNote, Outlook, PowerPoint, Project, Publisher, Visio,
Word
Severity: 2/4
Creation date: 12/11/2014
DESCRIPTION OF THE VULNERABILITY
The Office 2007 product can be configured with a Japanese IME
(Input Method Editor), in order to enter Japanese characters.
However, a special file can be used to escape from the sandbox.
Technical details are unknown.
An attacker can therefore use a vulnerability of the IME Japanese
of Office 2007, in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Office-2007-privilege-escalation-via-IME-Japanese-15623