cve-2007-0675
Vulnerability from cvelistv5
Published
2007-02-03 01:00
Modified
2024-08-07 12:26
Severity ?
EPSS score ?
Summary
A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:26:54.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx" }, { "name": "30578", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30578" }, { "name": "[dailydave] 20070131 Vista speach recognition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004012.html" }, { "name": "22359", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22359" }, { "name": "TA08-162B", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html" }, { "name": "oval:org.mitre.oval:def:5489", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5489" }, { "name": "HPSBST02344", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2" }, { "name": "[dailydave] 20070130 Vista speach recognition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004007.html" }, { "name": "SSRT080087", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2" }, { "name": "1020232", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020232" }, { "name": "ADV-2008-1779", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1779/references" }, { "name": "MS08-032", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-032" }, { "name": "[dailydave] 20070130 Vista speach recognition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html" }, { "name": "[dailydave] 20070130 Vista speach recognition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004005.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-01-30T00:00:00", "descriptions": [ { "lang": "en", "value": "A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx" }, { "name": "30578", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30578" }, { "name": "[dailydave] 20070131 Vista speach recognition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004012.html" }, { "name": "22359", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22359" }, { "name": "TA08-162B", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html" }, { "name": "oval:org.mitre.oval:def:5489", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5489" }, { "name": "HPSBST02344", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2" }, { "name": "[dailydave] 20070130 Vista speach recognition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004007.html" }, { "name": "SSRT080087", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2" }, { "name": "1020232", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020232" }, { "name": "ADV-2008-1779", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1779/references" }, { "name": "MS08-032", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-032" }, { "name": "[dailydave] 20070130 Vista speach recognition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html" }, { "name": "[dailydave] 20070130 Vista speach recognition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004005.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0675", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx", "refsource": "MISC", "url": "http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx" }, { "name": "30578", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30578" }, { "name": "[dailydave] 20070131 Vista speach recognition", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004012.html" }, { "name": "22359", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22359" }, { "name": "TA08-162B", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html" }, { "name": "oval:org.mitre.oval:def:5489", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5489" }, { "name": "HPSBST02344", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2" }, { "name": "[dailydave] 20070130 Vista speach recognition", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004007.html" }, { "name": "SSRT080087", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2" }, { "name": "1020232", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020232" }, { "name": "ADV-2008-1779", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1779/references" }, { "name": "MS08-032", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-032" }, { "name": "[dailydave] 20070130 Vista speach recognition", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html" }, { "name": "[dailydave] 20070130 Vista speach recognition", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004005.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0675", "datePublished": "2007-02-03T01:00:00", "dateReserved": "2007-02-02T00:00:00", "dateUpdated": "2024-08-07T12:26:54.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2007-0675\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-02-03T01:28:00.000\",\"lastModified\":\"2024-11-21T00:26:27.893\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.\"},{\"lang\":\"es\",\"value\":\"Un cierto control ActiveX en la biblioteca sapi.dll (tambi\u00e9n se conoce como la API Speech) en Speech Components en Microsoft Windows Vista, cuando la funcionalidad Speech Recognition est\u00e1 habilitada, permite a atacantes remotos asistidos por el usuario eliminar archivos arbitrarios y realizar otras actividades no autorizadas, por medio de una p\u00e1gina web con un objeto de sonido integrado que contiene comandos de voz en un micr\u00f3fono habilitado, lo que permite la interacci\u00f3n con el Explorador de Windows.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:32_bit:*:*:*:*:*\",\"matchCriteriaId\":\"CC3161FD-F631-405A-BE3A-0B78D5DCD7B2\"}]}]}],\"references\":[{\"url\":\"http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004007.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004012.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30578\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/22359\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1020232\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-162B.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1779/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-032\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5489\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30578\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/22359\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-162B.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1779/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-032\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.