businessgyan - Fortinet Discovers Critical Vulnerability Affecting Microsoft Speech Engines

Home

BG Content

Business Update

Industry Update

Fortinet Discovers Critical Vulnerability Affecting Microsoft Speech Engines

Jun 13 2007

Fortinet Discovers Critical Vulnerability Affecting Microsoft Speech Engines

Written by News Watch

Wednesday, 13 June 2007

Fortinet discovers latest Microsoft^TM critical vulnerabilities CVE-2007-2222. It is referred as "Speech Control Memory Corruption Vulnerability," that impacts users of Microsoft Speech^TM. The remote buffer overflow vulnerability allows attackers to remotely control victims' systems.

Fortinet, provider of unified threat management (UTM) solutions announced that its Fortinet Global Security Research Team was key in discovering one of the latest Microsoft^TM critical vulnerabilities (CVE-2007-2222), called the "Speech Control Memory Corruption Vulnerability," which impacts users of Microsoft Speech^TM.

The two remote buffer overflow vulnerabilities exist in the "xvoice.dll" ActiveX component of Microsoft Speech version 4.0a, which can allow an attacker to execute arbitrary code on the affected system by exploiting either vulnerability. This, in turn, allows an attacker to take full control of a victim's system. Company also alarms the users to install all updates for the software they're using and protect their connected computers with threat mitigation solutions; otherwise they're donating their resources to the hackers and spammers of the world."

Microsoft Speech users should immediately apply the update provided by Microsoft on June 12, 2007. The Fortinet Global Security Team was critical in discovering these vulnerabilities, as noted in the Microsoft Security Bulletin http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx. For more information on this vulnerability, please visit http://fortiguardcenter.com/advisory/FGA-2007-08.html.