Release DateDec 16, 2011 |
Severitymedium |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates a possible attempt to exploit a Remote Code Execution vulnerability in the Microsoft Speech Recognition feature.The vulnerability is located in the "sapi.dll" ActiveX control. It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Note that the Speech Recognition feature is disabled by default in Windows Vista. |
Affected ProductsMicrosoft Windows 2000 Service Pack 4Windows XP Service Pack 2 and Windows XP Service Pack 3 Windows XP Professional x64 Edition Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 1 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP1 for Itanium-based Systems Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista Windows Vista Service Pack 1 Windows Vista x64 Edition Windows Vista x64 Edition Service Pack 1 Windows Server 2008 for 32-bit Systems Windows Server 2008 for x64-based Systems Windows Server 2008 for Itanium-based Systems |
Recommended ActionsApply patch, available from the web site.http://www.microsoft.com/technet/security/Bulletin/ms08-032.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-0675 |
