CVE Vulnerability

CVE-2007-2222

Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://retrogod.altervista.org/win_speech_2k_sp4.html
http://retrogod.altervista.org/win_speech_xp_sp2.html
http://www.us-cert.gov/cas/techalerts/TA07-163A.html US Government Resource
http://www.kb.cert.org/vuls/id/507433 US Government Resource
http://www.securityfocus.com/bid/24426
http://securitytracker.com/id?1018235
http://secunia.com/advisories/25627 Vendor Advisory
http://www.vupen.com/english/advisories/2007/2153 Vendor Advisory
http://osvdb.org/35353
http://www.exploit-db.com/exploits/4065
https://exchange.xforce.ibmcloud.com/vulnerabilities/34630
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033
http://www.securityfocus.com/archive/1/471947/100/0/threaded
Configurations

Configuration 1
Information

Published : 2007-06-12 07:30

Updated : 2021-07-23 03:05

NVD link : CVE-2007-2222

Mitre link : CVE-2007-2222

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer