Microsoft Windows 2000 Simplified Chinese IME Vulnerability

An Input Method Editor (IME) enables a standard 101-key keyboard to type character-based languages (e.g., Chinese, Korean). Any user who has physical or virtual access (via a Terminal Server session) to a system running Windows 2000 with the Simplified Chinese IME installed can log on in the LocalSystem context without providing any credentials whatsoever.

Under normal conditions, an IME should run only under a user's security context. During the logon screen process, however, the Simplified Chinese IME runs in the LocalSystem context (the operating system's own context) and exposes certain functions that should not be available to a user who has not yet logged on. Because of this flaw, any user can log on interactively to the system without entering a username or password. Successful exploitation of this vulnerability gives full access to and complete control over the system.

This vulnerability affects the Simplified Chinese version of Windows 2000. The English version is susceptible only if the Simplified Chinese IME was installed during system setup; if it was installed after system setup, the English version is not vulnerable.
Copyright 2010, SecurityFocus