CVE-2007-0675 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-0675
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-0675

Description: A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.

CVE Status: Candidate

References: ST 1020232 SAID Secunia Advisory: SA30578 MS http://www.microsoft.com/technet/security/bulletin/ms08-032.mspx MLIST http://lists.immunitysec.com/pipermail/dailydave/2007-January/004012.html http://lists.immunitysec.com/pipermail/dailydave/2007-January/004005.html http://lists.immunitysec.com/pipermail/dailydave/2007-January/004007.html http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html MISC http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx HP http://marc.info/?l=bugtraq&m=121380194923597&w=2 CERT http://www.us-cert.gov/cas/techalerts/TA08-162B.html BID 22359

Return to the previous page.