CVE-2014-4077 — Microsoft IME Japanese Privilege Escalation Vulnerability
2022-05-25 • CISA Known Exploited Vulnerability
[event] Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as disabled). IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE (IME for Japanese) is installed which allows attackers to bypass a sandbox and perform privilege escalation.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Microsoft |
| Product | Input Method Editor (IME) Japanese |
| CWE | CWE-264 |
| CVE ID | CVE-2014-4077 |
| Date Added | 2022-05-25 |
| Due Date | 2022-06-15 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-06-15