Microsoft Speech API memory corruption

2007-06-13T00:00:00
ID SAINT:405B9E5C793F720B0F6EF4B34FD5ED02
Type saint
Reporter SAINT Corporation
Modified 2007-06-13T00:00:00

Description

Added: 06/13/2007
CVE: CVE-2007-2222
BID: 24426
OSVDB: 35353

Background

Microsoft Speech API allows development of Windows applications supporting speech-based interaction.

Problem

A memory corruption vulnerability in Microsoft Speech API 4 allows command execution when a user loads a specially crafted web page which invokes the **Xlisten.dll** or **Xvoice.dll** ActiveX controls.

Resolution

Apply the update referenced in Microsoft Security Bulletin 07-033.

References

<http://www.microsoft.com/technet/security/bulletin/MS07-033.mspx>

Limitations

Exploit requires a user to load the exploit page into Internet Explorer.

Platforms

Windows XP