Home Microsoft CVE-2014-4077
CRITICAL: THIS VULNERABILITY IS ACTIVELY BEING EXPLOITED IN THE WILD (CISA KEV CATALOG)
Back to Microsoft

CVE-2014-4077

Exploited

Microsoft Windows - IME for Japanese (IMJPDCT.EXE)

Microsoft CVSS 7.8 Updated April 30, 2026

Executive Risk Summary

"A vulnerability in the Microsoft IME for Japanese (IMJPDCT.EXE) allows remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, potentially leading to elevation of privilege. This vulnerability affects various Windows operating systems and Office 2007 SP3 when IMJPDCT.EXE is installed."

Anticipated Attack Path

  1. 1. Initial Exploitation: Attacker crafts a malicious PDF document
  2. 2. Privilege Escalation: Exploits the IMJPDCT.EXE vulnerability to bypass sandbox protection
  3. 3. Post-Exploitation: Attacker gains elevated privileges on the system

Am I Vulnerable?

  • Verify if IMJPDCT.EXE is installed on the system
  • Check for any suspicious PDF documents or attachments
  • Monitor system logs for signs of exploitation or privilege escalation

Operational Audit Arsenal

Target Type Process
Target Asset IMJPDCT.EXE
Standard Path C:\Windows\System32\
PowerShell 
# 🛠️ Senior Engineer Universal Audit
# Target: IMJPDCT.EXE (Process)
$Targets = 'IMJPDCT.EXE'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely

Minimal to Moderate

Internal Work Notes

Elevation of Privilege vulnerability in Microsoft IME for Japanese (IMJPDCT.EXE) - apply MS14-078 patch to mitigate

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttp://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx
Official Advisoryhttp://www.securitytracker.com/id/1031196
Official Advisoryhttp://www.securitytracker.com/id/1031197
MSRC Advisoryhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-078
Official Advisoryhttp://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx
Official Advisoryhttp://www.securitytracker.com/id/1031196
Official Advisoryhttp://www.securitytracker.com/id/1031197
MSRC Advisoryhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-078
Official Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-4077

Related Microsoft Threats

CVE-2026-42901 CVSS 10

Microsoft Entra ID
CVE-2025-65041 CVSS 10

Microsoft Partner Center
CVE-2026-31957 CVSS 10

Microsoft Azure Entra ID and Intune - Himmelblau
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.