COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2014-4077

CVE-2014-4077

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2022-05-25
Reference
https://nvd.nist.gov/vuln/detail/CVE-2014-4077
⌖ exploited in the wild shame 50/100 exploited-in-wild

Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as disabled). IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE (IME for Japanese) is in

Players implicated

Microsoft · vendorInput Method Editor (IME) Japanese · product

Description

Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as disabled). IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE (IME for Japanese) is installed which allows attackers to bypass a sandbox and perform privilege escalation.

Affected FedRAMP products 4 in the catalog

ProductProviderStatusMatch
Azure Commercial Cloud Microsoft Authorized vendor-exact · 0.90
Azure Government (includes Dynamics 365) Microsoft Authorized vendor-exact · 0.90
Microsoft Office 365 GCC High Microsoft In Process vendor-exact · 0.90
Office 365 Multi-Tenant & Supporting Services Microsoft Authorized vendor-exact · 0.90