Microsoft Speech API memory corruption

Added: 06/13/2007
CVE: CVE-2007-2222
BID: 24426
OSVDB: 35353

Background

Microsoft Speech API allows development of Windows applications supporting speech-based interaction.

Problem

A memory corruption vulnerability in Microsoft Speech API 4 allows command execution when a user loads a specially crafted web page which invokes the Xlisten.dll or Xvoice.dll ActiveX controls.

Resolution

Apply the update referenced in Microsoft Security Bulletin 07-033.

References

http://www.microsoft.com/technet/security/bulletin/MS07-033.mspx

Limitations

Exploit requires a user to load the exploit page into Internet Explorer.

Platforms

Windows XP

Back to exploit index