JVNDB-2016-005802
|
Microsoft IME may insecurely load Dynamic Link Libraries
|
Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs.
When some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it.
This registry key does not exist by default, and can be created by a normal user.
If an application program is invoked with high privileges, this mechanism can be leveraged for privilege escalation attacks.
Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 7.8 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity: Base Metrics 5.1 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
Microsoft Corporation
- Microsoft IME
- Microsoft Windows 10 Version 1511 for 32-bit Systems
- Microsoft Windows 10 Version 1511 for x64-based Systems
- Microsoft Windows 10 Version 1607 for 32-bit Systems
- Microsoft Windows 10 Version 1607 for x64-based Systems
- Microsoft Windows 10 for 32-bit Systems
- Microsoft Windows 10 for x64-based Systems
- Microsoft Windows 7 for 32-bit Systems SP1
- Microsoft Windows 7 for x64-based Systems SP1
- Microsoft Windows 8.1 for 32-bit Systems
- Microsoft Windows 8.1 for x64-based Systems
- Microsoft Windows RT 8.1
- Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
- Microsoft Windows Server 2008 R2 for x64-based Systems SP1
- Microsoft Windows Server 2008 R2 for x64-based Systems SP1 (Server Core installation)
- Microsoft Windows Server 2008 for 32-bit Systems SP2
- Microsoft Windows Server 2008 for 32-bit Systems SP2 (Server Core installation)
- Microsoft Windows Server 2008 for Itanium-based Systems SP2
- Microsoft Windows Server 2008 for x64-based Systems SP2
- Microsoft Windows Server 2008 for x64-based Systems SP2 (Server Core installation)
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 (Server Core installation)
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2012 R2 (Server Core installation)
- Microsoft Windows Server 2016 for x64-based Systems
- Microsoft Windows Server 2016 for x64-based Systems (Server Core installation)
- Microsoft Windows Vista SP2
- Microsoft Windows Vista x64 Edition SP2
|
|
Arbitrary code may be executed with the privileges of the application program that initiated Microsoft IME.
This can occur when a user is tricked into placing a malicious DLL file prepared by an attacker in a specific folder and entering the location of that folder in the registry key.
|
[Update the Software]
Apply the Windows Updates according to the information provided by Microsoft.
This issue is addressed in MS16-130 released on November 8th, 2016.
|
Microsoft Corporation
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
- CVE-2016-7221
|
- JVN : JVN#21627267
- JVN : JVNTA#91240916
- National Vulnerability Database (NVD) : CVE-2016-7221
- IPA SECURITY ALERTS : Security Alert for Vulnerability in Microsoft IME (November 2016)(JVN#21627267) (in Japanese)
- JPCERT REPORT : JPCERT-AT-2016-0046
|
- [2017/07/07]
Web page was published
|