CVE-2007-2222
CVE-2007-2222
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 3
cve_referencewww.exploit-db.com/exploits/4065não verificadoexploitdbwww.exploit-db.com/exploits/4065não verificadoexploitdbwww.exploit-db.com/exploits/4066não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://osvdb.org/35353http://retrogod.altervista.org/win_speech_2k_sp4.htmlhttp://retrogod.altervista.org/win_speech_xp_sp2.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033http://secunia.com/advisories/25627http://securitytracker.com/id?1018235https://exchange.xforce.ibmcloud.com/vulnerabilities/34630https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031http://www.exploit-db.com/exploits/4065http://www.kb.cert.org/vuls/id/507433http://www.securityfocus.com/archive/1/471947/100/0/threadedhttp://www.securityfocus.com/bid/24426