HOME > VULNERABILITY NOTES


   VULNERABILITY NOTE

CERT-In Vulnerability Note CIVN-2008-79
Microsoft Windows Speech API Remote Code Execution

Original Issue Date: June 12, 2008

Severity Rating: Low

System Affected

  • Windows Server 2008 for Itanium-based Systems
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 for 32-bit Systems
  • Windows Vista x64 Edition
  • Windows Vista x64 Edition Service Pack 1
  • Windows Vista and SP1
  • Windows Server 2003 with SP1 and SP2 for Itanium-based Systems
  • Windows Server 2003 x64 Edition
  • Windows Server 2003 x64 Edition SP2
  • Windows Server 2003 SP1 and SP2
  • Windows XP Professional x64 Edition
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows XP Service Pack 2 and SP 3
  • Microsoft Windows 2000 SP4

Overview

A vulnerability has been reported in Microsoft Speech API that could allow a remote user to execute arbitrary code and to take complete control of an affected system.

Description

This vulnerability is caused by an input validation error in the Speech Components "sapi.dll" when playing audio files in Internet Explorer, which could allow attackers to issue certain commands via a malicious audio file and execute arbitrary code on a system with the speech recognition feature activated and configured.

Workarounds

  • Prevent COM objects from running in Internet Explorer by setting the kill bit for the control in the registry as below:
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility \ { CLSID of killed ActiveX control }]" Compatibility Flags"=0x0400

      The CLSIDs of the affected controls are:

      47206204-5eca-11d2-960f-00c04f8ee628
      3bee4890-4fe9-4a37-8c1e-5e7e12791c1f

Solution

A pply appropriate patches as mentioned in Microsoft Security Bulletin MS08-032

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms08-032.mspx

References

FrSIRT
http://www.frsirt.com/english/advisories/2008/1779

SecurityLab
http://en.securitylab.ru/notification/354528.php

SecurityTracker
http://www.securitytracker.com/alerts/2008/Jun/1020232.html

Symantec
http://www.symantec.com/avcenter/attack_sigs/s22974.html

CVE-Name
CVE-2007-0675

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003