Back to search
CVE-2007-2222
Published: Jun 12, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ie-speech-code-execution(34630)
vdb-entry
x_refsource_XF
35353
vdb-entry
x_refsource_OSVDB
VU#507433
third-party-advisory
x_refsource_CERT-VN
25627
third-party-advisory
x_refsource_SECUNIA
4065
exploit
x_refsource_EXPLOIT-DB
SSRT071438
vendor-advisory
x_refsource_HP
24426
vdb-entry
x_refsource_BID
1018235
vdb-entry
x_refsource_SECTRACK
http://retrogod.altervista.org/win_speech_2k_sp4.html
x_refsource_MISC
ADV-2007-2153
vdb-entry
x_refsource_VUPEN
TA07-163A
third-party-advisory
x_refsource_CERT
oval:org.mitre.oval:def:2031
vdb-entry
signature
x_refsource_OVAL
http://retrogod.altervista.org/win_speech_xp_sp2.html
x_refsource_MISC
MS07-033
vendor-advisory
x_refsource_MS
HPSBST02231
vendor-advisory
x_refsource_HP
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now