Microsoft Windows Vista Speech Recognition sapi.dll code injection
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.0 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Microsoft Windows Vista and classified as critical. Affected by this issue is some unknown functionality in the library sapi.dll of the component Speech Recognition. The manipulation results in code injection. This vulnerability is cataloged as CVE-2007-0675. There is no exploit available. It is suggested to upgrade the affected component.
Details
A vulnerability classified as critical has been found in Microsoft Windows Vista (Operating System). Affected is an unknown code in the library sapi.dll of the component Speech Recognition. The manipulation with an unknown input leads to a code injection vulnerability. CWE is classifying the issue as CWE-94. The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.
The weakness was shared 02/02/2007 by Sebastian Krahmer (Website). The advisory is available at us-cert.gov. This vulnerability is traded as CVE-2007-0675 since 02/01/2007. The exploitability is told to be difficult. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details are known, but there is no available exploit. This vulnerability is assigned to T1059 by the MITRE ATT&CK project.
It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 33134 (MS08-032: Cumulative Security Update of ActiveX Kill Bits (950760)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 90441 (Cumulative Security Update of ActiveX Kill Bits (MS08-032)).
Upgrading eliminates this vulnerability. A possible mitigation has been published 2 years after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 6173.
The vulnerability is also documented in the databases at X-Force (42701), Tenable (33134), SecurityFocus (BID 22359†), Secunia (SA30578†) and SecurityTracker (ID 1020232†). The entries VDB-42733, VDB-42732, VDB-42731 and VDB-42730 are related to this item. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Vendor
Name
Version
License
Support
- end of life (old version)
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 9.0
VulDB Base Score: 10.0
VulDB Temp Score: 9.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Code injectionCWE: CWE-94 / CWE-74 / CWE-707
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 33134
Nessus Name: MS08-032: Cumulative Security Update of ActiveX Kill Bits (950760)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 801486
OpenVAS Name: Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
TippingPoint: 🔍
McAfee IPS Version: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
01/31/2007 🔍02/01/2007 🔍
02/02/2007 🔍
02/02/2007 🔍
06/10/2008 🔍
06/10/2008 🔍
06/10/2008 🔍
06/10/2008 🔍
06/11/2008 🔍
03/13/2015 🔍
06/14/2025 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: us-cert.gov
Researcher: Sebastian Krahmer
Status: Confirmed
CVE: CVE-2007-0675 (🔍)
GCVE (CVE): GCVE-0-2007-0675
GCVE (VulDB): GCVE-100-34794
OVAL: 🔍
X-Force: 42701
SecurityFocus: 22359 - Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability
Secunia: 30578
SecurityTracker: 1020232
Vulnerability Center: 18590 - [MS08-032] Microsoft Speech API on Windows Allows User-Assisted Remote Attackers to Execute Code, Medium
Vupen: ADV-2008-1779
See also: 🔍
Entry
Created: 03/13/2015 10:40Updated: 06/14/2025 01:23
Changes: 03/13/2015 10:40 (70), 09/17/2018 08:17 (17), 06/14/2025 01:23 (18)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.