What Is Windows IME (Japanese)?
The Microsoft Input Method Editor for Japanese (IME Japanese) is a keyboard input system included with Windows that enables typing Japanese characters (hiragana, katakana, kanji) using a standard Latin keyboard through phonetic or stroke-based input. IMJPDCT.EXE is the IME Japanese dictionary tool component. The Japanese IME is included with Windows by default and is enabled optionally; on systems where it is installed, this component runs with permissions that interact with the broader Windows environment.
CVE-2014-4077 is notable because the vulnerability was found in an unexpected location — the Japanese IME tool — but had security implications for the Enhanced Protected Mode (EPM) sandbox in Internet Explorer.
Overview
CVE-2014-4077 is a privilege escalation vulnerability in the Microsoft Input Method Editor for Japanese (IMJPDCT.EXE). When the Japanese IME is installed on a Windows system running Internet Explorer in Enhanced Protected Mode (EPM), a flaw in the IME component allows code running inside the IE EPM sandbox to interact with IMJPDCT.EXE in a way that bypasses the sandbox's access controls and executes code at a higher privilege level. The vulnerability was patched in MS14-078 (November 11, 2014).
Affected Versions
| System | Status |
|---|---|
| Windows 7 with Japanese IME installed | Vulnerable |
| Windows 8 / 8.1 with Japanese IME | Vulnerable |
| Systems without Japanese IME installed | Not affected |
The Japanese IME is included by default in Windows but disabled by default; it must be enabled as an input method for a user to be exposed. Systems where Japanese IME is not installed or not enabled are not affected.
Technical Details
Root Cause: IME Component Accessible from EPM Sandbox
Internet Explorer's Enhanced Protected Mode (EPM) — available in IE 10 and 11 — uses Windows AppContainer isolation, a stricter sandbox than standard Protected Mode. AppContainer processes are restricted to specific capabilities and cannot interact with most OS components outside their container.
CVE-2014-4077 involves the Japanese IME component (IMJPDCT.EXE) being reachable from within the EPM sandbox due to insufficient access control on the IME's interfaces. Code running inside IE's EPM container can invoke the IME component in a way that causes the IME (running at a higher integrity level or with broader permissions) to perform operations on behalf of the sandboxed process — effectively escaping the AppContainer.
Exploit Chain Role
Like other IE privilege escalation bugs (CVE-2014-2817, CVE-2014-4123), this is most valuable as a second-stage sandbox escape:
- Stage 1: An IE memory corruption or scripting vulnerability achieves code execution inside IE's EPM sandbox
- Stage 2: CVE-2014-4077 is used to escape the EPM sandbox, giving the attacker code execution at user-level privileges (medium integrity)
The unusual aspect is that the bypass route is through the Japanese IME — an unexpected attack surface that may have been overlooked in IE's EPM security model design.
Attack Characteristics
| Attribute | Detail |
|---|---|
| Required Condition | Japanese IME installed and enabled on target Windows |
| Sandbox Bypassed | IE Enhanced Protected Mode (AppContainer) |
| Role | Second-stage sandbox escape |
| Affected Browsers | IE 10 and IE 11 with EPM enabled |
| CWE | CWE-264: Permissions/Privileges/Access Controls |
Discovery
The vulnerability was reported to Microsoft and addressed in the November 2014 Patch Tuesday bulletin MS14-078.
Exploitation Context
- Targeted attacks against Japanese organizations: Systems with Japanese IME enabled are disproportionately deployed in Japan and Japanese-language environments, making this vulnerability particularly relevant for threat actors targeting Japanese businesses, government, and critical infrastructure
- APT targeting of Japan: Multiple APT groups (particularly Chinese-nexus actors) have actively targeted Japanese organizations; CVE-2014-4077 represents a Japan-specific attack surface in their exploit chain options
- Sandbox escape component: Used in exploit chains targeting Japanese-language IE users to escape the EPM sandbox after initial exploitation
- CISA KEV (2022): Added May 2022
Remediation
- Apply MS14-078 (November 2014).
- Disable Japanese IME if not required: Control Panel → Language → Remove Japanese input method. This eliminates the attack surface entirely.
- Retire Internet Explorer: Microsoft ended IE support June 15, 2022. No further patches exist; migrate to Microsoft Edge or another supported browser.
- Keep Windows fully updated: the broader pattern of sandbox escape vulnerabilities in Windows IME components is addressed through regular patching.
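The exposure conditions above (Japanese IME present and enabled, MS14-078 not applied) can be checked per host with a short audit. This is an added example, not code from Microsoft or from the original page. It assumes PowerShell 3.0 or later, that IME binaries live under `%windir%\System32\IME` or `%windir%\SysWOW64\IME`, and it uses a placeholder KB id that must be replaced with the number given in bulletin MS14-078.

```powershell
# Exposure audit for CVE-2014-4077, run in the context of the user being checked.
# $PatchKbId is a PLACEHOLDER: substitute the KB number listed in bulletin MS14-078.
$PatchKbId = 'KB0000000'

function Test-JapaneseInputEnabled {
    # Windows 8 and later: the International module lists the user's languages.
    if (Get-Command Get-WinUserLanguageList -ErrorAction SilentlyContinue) {
        return [bool](Get-WinUserLanguageList |
            Where-Object { $_.LanguageTag -like 'ja*' })
    }
    # Windows 7 fallback: keyboard layouts preloaded for this user.
    # The last four hex digits of each value are the language id; 0411 is Japanese.
    $preload = Get-ItemProperty -Path 'HKCU:\Keyboard Layout\Preload' -ErrorAction SilentlyContinue
    if (-not $preload) { return $false }
    $layouts = $preload.PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } |
        ForEach-Object { [string]$_.Value }
    return [bool]($layouts | Where-Object { $_ -match '0411$' })
}

# Locate the dictionary tool without hard-coding a version-specific folder (assumed roots).
$dictTool = @('System32\IME', 'SysWOW64\IME' |
    ForEach-Object { Join-Path $env:windir $_ } |
    Where-Object { Test-Path $_ } |
    ForEach-Object {
        Get-ChildItem -Path $_ -Recurse -Filter 'IMJPDCT.EXE' -ErrorAction SilentlyContinue
    })

# Get-HotFix only sees individually listed updates; a later superseding update
# can also carry the fix, so treat $false as "verify manually", not as proof.
$patched = [bool](Get-HotFix -Id $PatchKbId -ErrorAction SilentlyContinue)

$imeEnabled = Test-JapaneseInputEnabled

[pscustomobject]@{
    ComputerName         = $env:COMPUTERNAME
    JapaneseInputEnabled = $imeEnabled
    DictToolPresent      = ($dictTool.Count -gt 0)
    DictToolFiles        = ($dictTool | ForEach-Object {
                                '{0} ({1})' -f $_.FullName, $_.VersionInfo.FileVersion
                            }) -join '; '
    PatchListed          = $patched
    NeedsReview          = ($imeEnabled -and ($dictTool.Count -gt 0) -and -not $patched)
}
```

The reported file versions can be compared with the file information published in the bulletin when the hotfix list is inconclusive.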
Key Details
| Property | Value |
|---|---|
| CVE ID | CVE-2014-4077 |
| Vendor / Product | Microsoft — Input Method Editor (IME) Japanese |
| NVD Published | 2014-11-11 |
| NVD Last Modified | 2025-10-22 |
| CVSS 3.1 Score | 7.8 |
| CVSS 3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Severity | HIGH |
| CWE | CWE-264 — Permissions, Privileges, and Access Controls |
| CISA KEV Added | 2022-05-25 |
| CISA KEV Deadline | 2022-06-15 |
| Known Ransomware Use | No |
Timeline
| Date | Event |
|---|---|
| 2014-11-11 | Microsoft Security Bulletin MS14-078 released; CVE-2014-4077 patched |
| 2014-11-11 | CVE-2014-4077 published by NVD |
| 2022-05-25 | Added to CISA Known Exploited Vulnerabilities catalog |
| 2022-06-15 | CISA BOD 22-01 remediation deadline |
References
| Resource | Type |
|---|---|
| NVD — CVE-2014-4077 | Vulnerability Database |
| CISA KEV Catalog Entry | US Government |
| Microsoft Security Bulletin MS14-078 — Vulnerability in IME (Japanese) Could Allow Elevation of Privilege | Vendor Advisory |