CVE-2014-4077
high-risk
Published 2014-11-11
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.
Do I need to act?
!
50.8% chance of exploitation in next 30 days
EPSS score — higher than 49% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (7)
Affected Vendors
References (9)
Broken Link
http://www.securitytracker.com/id/1031196
Broken Link
http://www.securitytracker.com/id/1031197
Broken Link
http://www.securitytracker.com/id/1031196
Broken Link
http://www.securitytracker.com/id/1031197
63
/ 100
high-risk
Severity
24/34 · High
Exploitability
25/34 · High
Exposure
14/34 · Moderate