Microsoft Speech API allows development of Windows applications supporting speech-based interaction.
A memory corruption vulnerability in Microsoft Speech API 4 allows command execution when a user loads a specially crafted web page which invokes the
**Xvoice.dll** ActiveX controls.
Apply the update referenced in Microsoft Security Bulletin 07-033.
Exploit requires a user to load the exploit page into Internet Explorer.