CVE-2007-2222

Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.

Published: Jun 12, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-2222
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
microsoft / internet_explorer	5.01-sp4	5.01-sp4.x
microsoft / internet_explorer	6-sp1	6-sp1.x
microsoft / internet_explorer	6	6.x
microsoft / internet_explorer	7.0	7.0.x

http://osvdb.org/35353
http://retrogod.altervista.org/win_speech_2k_sp4.html
http://retrogod.altervista.org/win_speech_xp_sp2.html
http://secunia.com/advisories/25627
http://securitytracker.com/id?1018235
http://www.exploit-db.com/exploits/4065
http://www.kb.cert.org/vuls/id/507433
http://www.securityfocus.com/archive/1/471947/100/0/threaded
http://www.securityfocus.com/bid/24426
http://www.us-cert.gov/cas/techalerts/TA07-163A.html
http://www.vupen.com/english/advisories/2007/2153
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033
https://exchange.xforce.ibmcloud.com/vulnerabilities/34630
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031

Vulnerability Database

291,049

CVE-2007-2222