cve-2007-0675
Vulnerability from cvelistv5
Published
2007-02-03 01:00
Modified
2024-08-07 12:26
Severity ?
Summary
A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.
References
cve@mitre.orghttp://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx
cve@mitre.orghttp://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html
cve@mitre.orghttp://lists.immunitysec.com/pipermail/dailydave/2007-January/004005.html
cve@mitre.orghttp://lists.immunitysec.com/pipermail/dailydave/2007-January/004007.html
cve@mitre.orghttp://lists.immunitysec.com/pipermail/dailydave/2007-January/004012.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=121380194923597&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=121380194923597&w=2
cve@mitre.orghttp://secunia.com/advisories/30578
cve@mitre.orghttp://www.securityfocus.com/bid/22359
cve@mitre.orghttp://www.securitytracker.com/id?1020232
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA08-162B.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/1779/references
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-032
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5489
af854a3a-2127-422b-91ae-364da2661108http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx
af854a3a-2127-422b-91ae-364da2661108http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html
af854a3a-2127-422b-91ae-364da2661108http://lists.immunitysec.com/pipermail/dailydave/2007-January/004005.html
af854a3a-2127-422b-91ae-364da2661108http://lists.immunitysec.com/pipermail/dailydave/2007-January/004007.html
af854a3a-2127-422b-91ae-364da2661108http://lists.immunitysec.com/pipermail/dailydave/2007-January/004012.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=121380194923597&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=121380194923597&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30578
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22359
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020232
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-162B.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1779/references
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-032
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5489
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:26:54.299Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx"
          },
          {
            "name": "30578",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30578"
          },
          {
            "name": "[dailydave] 20070131 Vista speach recognition",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004012.html"
          },
          {
            "name": "22359",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22359"
          },
          {
            "name": "TA08-162B",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
          },
          {
            "name": "oval:org.mitre.oval:def:5489",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5489"
          },
          {
            "name": "HPSBST02344",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
          },
          {
            "name": "[dailydave] 20070130 Vista speach recognition",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004007.html"
          },
          {
            "name": "SSRT080087",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
          },
          {
            "name": "1020232",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020232"
          },
          {
            "name": "ADV-2008-1779",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1779/references"
          },
          {
            "name": "MS08-032",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-032"
          },
          {
            "name": "[dailydave] 20070130 Vista speach recognition",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html"
          },
          {
            "name": "[dailydave] 20070130 Vista speach recognition",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx"
        },
        {
          "name": "30578",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30578"
        },
        {
          "name": "[dailydave] 20070131 Vista speach recognition",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004012.html"
        },
        {
          "name": "22359",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22359"
        },
        {
          "name": "TA08-162B",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
        },
        {
          "name": "oval:org.mitre.oval:def:5489",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5489"
        },
        {
          "name": "HPSBST02344",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
        },
        {
          "name": "[dailydave] 20070130 Vista speach recognition",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004007.html"
        },
        {
          "name": "SSRT080087",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
        },
        {
          "name": "1020232",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020232"
        },
        {
          "name": "ADV-2008-1779",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1779/references"
        },
        {
          "name": "MS08-032",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-032"
        },
        {
          "name": "[dailydave] 20070130 Vista speach recognition",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html"
        },
        {
          "name": "[dailydave] 20070130 Vista speach recognition",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004005.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0675",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx"
            },
            {
              "name": "30578",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30578"
            },
            {
              "name": "[dailydave] 20070131 Vista speach recognition",
              "refsource": "MLIST",
              "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004012.html"
            },
            {
              "name": "22359",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22359"
            },
            {
              "name": "TA08-162B",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
            },
            {
              "name": "oval:org.mitre.oval:def:5489",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5489"
            },
            {
              "name": "HPSBST02344",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
            },
            {
              "name": "[dailydave] 20070130 Vista speach recognition",
              "refsource": "MLIST",
              "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004007.html"
            },
            {
              "name": "SSRT080087",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2"
            },
            {
              "name": "1020232",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020232"
            },
            {
              "name": "ADV-2008-1779",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1779/references"
            },
            {
              "name": "MS08-032",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-032"
            },
            {
              "name": "[dailydave] 20070130 Vista speach recognition",
              "refsource": "MLIST",
              "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html"
            },
            {
              "name": "[dailydave] 20070130 Vista speach recognition",
              "refsource": "MLIST",
              "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004005.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0675",
    "datePublished": "2007-02-03T01:00:00",
    "dateReserved": "2007-02-02T00:00:00",
    "dateUpdated": "2024-08-07T12:26:54.299Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0675\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-02-03T01:28:00.000\",\"lastModified\":\"2024-11-21T00:26:27.893\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.\"},{\"lang\":\"es\",\"value\":\"Un cierto control ActiveX en la biblioteca sapi.dll (tambi\u00e9n se conoce como la API Speech) en Speech Components en Microsoft Windows Vista, cuando la funcionalidad Speech Recognition est\u00e1 habilitada, permite a atacantes remotos asistidos por el usuario eliminar archivos arbitrarios y realizar otras actividades no autorizadas, por medio de una p\u00e1gina web con un objeto de sonido integrado que contiene comandos de voz en un micr\u00f3fono habilitado, lo que permite la interacci\u00f3n con el Explorador de Windows.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:*:32_bit:*:*:*:*:*\",\"matchCriteriaId\":\"CC3161FD-F631-405A-BE3A-0B78D5DCD7B2\"}]}]}],\"references\":[{\"url\":\"http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004007.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004012.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30578\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/22359\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1020232\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-162B.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1779/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-032\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5489\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.immunitysec.com/pipermail/dailydave/2007-January/004012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=121380194923597\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30578\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/22359\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-162B.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1779/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-032\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.