Unrated severityNVD Advisory· Published Sep 11, 2013· Updated Apr 29, 2026

CVE-2013-3859

Description

Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."

Affected products

Microsoft/Office3 versions
cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2010:sp1:x86:*:*:*:*:*
Microsoft/Pinyin Ime2 versions
cpe:2.3:a:microsoft:pinyin_ime:2010:*:*:*:*:*:x64:*+ 1 more
- cpe:2.3:a:microsoft:pinyin_ime:2010:*:*:*:*:*:x64:*
- cpe:2.3:a:microsoft:pinyin_ime:2010:*:*:*:*:x86:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.us-cert.gov/ncas/alerts/TA13-253AnvdUS Government Resource
docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-075nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000