|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-07-04 | |
| Rule Name: | Internet Explorer - Microsoft Speech API 4 ActiveX Overflow Vulnerability (CVE-2007-2222) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | ExploitDB:4065 SecurityFocusBID:24426 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033 http://retrogod.altervista.org/win_speech_2k_sp4.html |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx |