ByteOS Network

NVD Vulnerability Details :

CVE-2014-4077

Deferred

Source-secure@microsoft.com

View Known Exploited Vulnerability (KEV) details

Published At-11 Nov, 2014 | 22:55

Updated At-22 Oct, 2025 | 01:15

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.

CISA Catalog

Date Added	Due Date	Vulnerability Name	Required Action
2022-05-25	2022-06-15	Microsoft IME Japanese Privilege Escalation Vulnerability	Apply updates per vendor instructions.

Date Added: 2022-05-25

Due Date: 2022-06-15

Vulnerability Name: Microsoft IME Japanese Privilege Escalation Vulnerability

Required Action: Apply updates per vendor instructions.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 9.3

Base severity: HIGH

Vector:

AV:N/AC:M/Au:N/C:C/I:C/A:C

CPE Matches

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx	secure@microsoft.com	Not Applicable Vendor Advisory
http://www.securitytracker.com/id/1031196	secure@microsoft.com	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031197	secure@microsoft.com	Broken Link Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-078	secure@microsoft.com	Patch Vendor Advisory
http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx	af854a3a-2127-422b-91ae-364da2661108	Not Applicable Vendor Advisory
http://www.securitytracker.com/id/1031196	af854a3a-2127-422b-91ae-364da2661108	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031197	af854a3a-2127-422b-91ae-364da2661108	Broken Link Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-078	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-4077	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A