Lucene search

[email protected]CVE-2007-0675

HistoryFeb 03, 2007 - 1:28 a.m.

CVE-2007-0675

2007-02-0301:28:00

CWE-94

[email protected]

web.nvd.nist.gov

sapi.dll

activex control

user-assisted

remote attackers

arbitrary files

web page

sound object

6.8 Medium

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.929 High

EPSS

Percentile

99.0%

JSON

A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.

CPENameOperatorVersion
microsoft:windows_vistamicrosoft windows vistaeq*

CPE	Name	Operator	Version
microsoft:windows_vista	microsoft windows vista	eq	*

References

blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx

lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html

lists.immunitysec.com/pipermail/dailydave/2007-January/004005.html

lists.immunitysec.com/pipermail/dailydave/2007-January/004007.html

lists.immunitysec.com/pipermail/dailydave/2007-January/004012.html

marc.info/?l=bugtraq&m=121380194923597&w=2

secunia.com/advisories/30578

www.securityfocus.com/bid/22359

www.securitytracker.com/id?1020232

www.us-cert.gov/cas/techalerts/TA08-162B.html

www.vupen.com/english/advisories/2008/1779/references

docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-032

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5489

6.8 Medium

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.929 High

EPSS

Percentile

99.0%

JSON

Related for CVE-2007-0675

checkpoint_advisories1 openvas2 prion1 securityvulns2 seebug1 mskb1 nessus1