Back to search
CVE-2007-0675
Published: Feb 3, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
30578
third-party-advisory
x_refsource_SECUNIA
[dailydave] 20070131 Vista speach recognition
mailing-list
x_refsource_MLIST
22359
vdb-entry
x_refsource_BID
TA08-162B
third-party-advisory
x_refsource_CERT
oval:org.mitre.oval:def:5489
vdb-entry
signature
x_refsource_OVAL
HPSBST02344
vendor-advisory
x_refsource_HP
[dailydave] 20070130 Vista speach recognition
mailing-list
x_refsource_MLIST
SSRT080087
vendor-advisory
x_refsource_HP
1020232
vdb-entry
x_refsource_SECTRACK
ADV-2008-1779
vdb-entry
x_refsource_VUPEN
MS08-032
vendor-advisory
x_refsource_MS
[dailydave] 20070130 Vista speach recognition
mailing-list
x_refsource_MLIST
[dailydave] 20070130 Vista speach recognition
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now