Microsoft Windows Speech组件语音识别远程命令执行漏洞（MS08-032）

BUGTRAQ ID: 22359 CVECAN ID: CVE-2007-0675 Microsoft Windows是微软发布的非常流行的操作系统。 如果Windows中启用了语音识别功能的话，则Speech组件sapi.dll中存在远程执行代码漏洞。攻击者可以通过构造嵌入了声音对象的特制网页来利用该漏洞，当用户查看网页时，该漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以获得与登录用户相同的用户权限。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP1 Microsoft...

Microsoft Windows Speech Components sapi.dll Code Execution (MS08-032; CVE-2007-0675)

The ActiveX Speech Components sapi.dll is part of the Microsoft Speech Application Programming Interface SAPI that allows the use of speech recognition and speech synthesis within Windows applications. A remote code execution vulnerability has been reported in the ActiveX Speech Components...

CVE-2007-0675

A certain ActiveX control in sapi.dll aka the Speech API in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sou...

Design/Logic Flaw

A certain ActiveX control in sapi.dll aka the Speech API in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sou...

CVE-2007-0675

A certain ActiveX control in sapi.dll aka the Speech API in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sou...

CVE-2007-0675

CVE-2007-0675 targets the sapi.dll ActiveX control in Microsoft Speech Components (Speech API) on Windows with Speech Recognition enabled. A remote attacker could exploit a specially crafted web page to achieve remote code execution; user interaction is required to view the page, and the vulnerab...