Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Vista speech recognition unauthorized access
updated since 03.02.2007
Published:11.06.2008
Source:
SecurityVulns ID:7167
Type:client
Threat Level:
5/10
Description:Speech recognition may be used as an attack vector against client computer with e.h. HTML page with embedded sound.
Affected:MICROSOFT : Windows Vista
CVE:CVE-2007-0675 (** DISPUTED ** The Speech Recognition feature of Windows Vista allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer. NOTE: the vendor disputes the severity of this issue, stating that "there is little if any need to worry about the effects of this issue on your new Windows Vista installation." Since little user interaction is required, and the relevant operating environment is common, CVE considers this a vulnerability.)
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS08-032 - Moderate Cumulative Security Update of ActiveX Kill Bits (950760) (11.06.2008)
 documentGeorge Ou, [Dailydave] Vista speach recognition (03.02.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod