diff --git a/dll/win32/imm32/utils.c b/dll/win32/imm32/utils.c
index 9e0c07195dd..1ba6d556f21 100644
--- a/dll/win32/imm32/utils.c
+++ b/dll/win32/imm32/utils.c
@@ -908,7 +908,8 @@ UINT APIENTRY Imm32GetImeLayout(PREG_IME pLayouts, UINT cLayouts)
 
         RegCloseKey(hkeyIME);
 
-        if (!szImeFileName[0])
+        /* We don't allow the invalid "IME File" values for security reason */
+        if (!szImeFileName[0] || wcschr(szImeFileName, L'\\') != NULL)
             break;
 
         Imm32StrToUInt(szImeKey, &Value, 16);