cvelistv5 - CVE-2007-2222

CVE-2007-2222 (GCVE-0-2007-2222)

Vulnerability from cvelistv5 – Published: 2007-06-12 19:00 – Updated: 2024-08-07 13:23

Summary

Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://osvdb.org/35353	vdb-entryx_refsource_OSVDB
	http://www.kb.cert.org/vuls/id/507433	third-party-advisoryx_refsource_CERT-VN
	http://secunia.com/advisories/25627	third-party-advisoryx_refsource_SECUNIA
	http://www.exploit-db.com/exploits/4065	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/archive/1/471947/100…	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/bid/24426	vdb-entryx_refsource_BID
	http://securitytracker.com/id?1018235	vdb-entryx_refsource_SECTRACK
	http://retrogod.altervista.org/win_speech_2k_sp4.html	x_refsource_MISC
	http://www.vupen.com/english/advisories/2007/2153	vdb-entryx_refsource_VUPEN
	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	third-party-advisoryx_refsource_CERT
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://retrogod.altervista.org/win_speech_xp_sp2.html	x_refsource_MISC
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/archive/1/471947/100…	vendor-advisoryx_refsource_HP

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:23:51.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ie-speech-code-execution(34630)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34630"
          },
          {
            "name": "35353",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35353"
          },
          {
            "name": "VU#507433",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/507433"
          },
          {
            "name": "25627",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25627"
          },
          {
            "name": "4065",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/4065"
          },
          {
            "name": "SSRT071438",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "name": "24426",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24426"
          },
          {
            "name": "1018235",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018235"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://retrogod.altervista.org/win_speech_2k_sp4.html"
          },
          {
            "name": "ADV-2007-2153",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2153"
          },
          {
            "name": "TA07-163A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:2031",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://retrogod.altervista.org/win_speech_xp_sp2.html"
          },
          {
            "name": "MS07-033",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
          },
          {
            "name": "HPSBST02231",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "ie-speech-code-execution(34630)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34630"
        },
        {
          "name": "35353",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35353"
        },
        {
          "name": "VU#507433",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/507433"
        },
        {
          "name": "25627",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25627"
        },
        {
          "name": "4065",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/4065"
        },
        {
          "name": "SSRT071438",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        },
        {
          "name": "24426",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24426"
        },
        {
          "name": "1018235",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018235"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://retrogod.altervista.org/win_speech_2k_sp4.html"
        },
        {
          "name": "ADV-2007-2153",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2153"
        },
        {
          "name": "TA07-163A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:2031",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://retrogod.altervista.org/win_speech_xp_sp2.html"
        },
        {
          "name": "MS07-033",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
        },
        {
          "name": "HPSBST02231",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-2222",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ie-speech-code-execution(34630)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34630"
            },
            {
              "name": "35353",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35353"
            },
            {
              "name": "VU#507433",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/507433"
            },
            {
              "name": "25627",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25627"
            },
            {
              "name": "4065",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/4065"
            },
            {
              "name": "SSRT071438",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "name": "24426",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24426"
            },
            {
              "name": "1018235",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018235"
            },
            {
              "name": "http://retrogod.altervista.org/win_speech_2k_sp4.html",
              "refsource": "MISC",
              "url": "http://retrogod.altervista.org/win_speech_2k_sp4.html"
            },
            {
              "name": "ADV-2007-2153",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2153"
            },
            {
              "name": "TA07-163A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:2031",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031"
            },
            {
              "name": "http://retrogod.altervista.org/win_speech_xp_sp2.html",
              "refsource": "MISC",
              "url": "http://retrogod.altervista.org/win_speech_xp_sp2.html"
            },
            {
              "name": "MS07-033",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
            },
            {
              "name": "HPSBST02231",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-2222",
    "datePublished": "2007-06-12T19:00:00",
    "dateReserved": "2007-04-24T00:00:00",
    "dateUpdated": "2024-08-07T13:23:51.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3F2A51E-2675-4993-B9C2-F2D176A92857\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D47247A3-7CD7-4D67-9D9B-A94A504DA1BE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"644E2E89-F3E3-4383-B460-424D724EE62F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"377F7D0C-6B44-4B90-BF90-DAF959880C6D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*\", \"matchCriteriaId\": \"E0BBA081-24D5-4990-882F-69CB05CC28CF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*\", \"matchCriteriaId\": \"1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"CD264C73-360E-414D-BE22-192F92E5A0A3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"6881476D-81A2-4DFD-AC77-82A8D08A0568\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"D21D1DFE-F61B-407E-A945-4F42F86947B0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*\", \"matchCriteriaId\": \"D34A558F-A656-43EB-AC52-C3710F77CDD8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*\", \"matchCriteriaId\": \"F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de b\\u00fafer en los controles de voz (1) ActiveListen (en la biblioteca Xlisten.dll) y (2) ActiveVoice (en la biblioteca Xvoice.dll), tal como son utilizados por Microsoft Internet Explorer  en las versiones 5.01, 6 y 7, permiten a los atacantes remotos ejecutar c\\u00f3digo arbitrario por medio de un Objeto ActiveX que activa la corrupci\\u00f3n de la memoria, como se demuestra por medio del par\\u00e1metro ModeName a la funci\\u00f3n FindEngine en ACTIVEVOICEPROJECTLib.DirectSS.\"}]",
      "id": "CVE-2007-2222",
      "lastModified": "2024-11-21T00:30:13.810",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-06-12T19:30:00.000",
      "references": "[{\"url\": \"http://osvdb.org/35353\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://retrogod.altervista.org/win_speech_2k_sp4.html\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://retrogod.altervista.org/win_speech_xp_sp2.html\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/25627\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018235\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.exploit-db.com/exploits/4065\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/507433\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/24426\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2153\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34630\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://osvdb.org/35353\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://retrogod.altervista.org/win_speech_2k_sp4.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://retrogod.altervista.org/win_speech_xp_sp2.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25627\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018235\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.exploit-db.com/exploits/4065\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/507433\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/24426\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2153\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34630\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2222\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2007-06-12T19:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer en los controles de voz (1) ActiveListen (en la biblioteca Xlisten.dll) y (2) ActiveVoice (en la biblioteca Xvoice.dll), tal como son utilizados por Microsoft Internet Explorer  en las versiones 5.01, 6 y 7, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un Objeto ActiveX que activa la corrupci\u00f3n de la memoria, como se demuestra por medio del par\u00e1metro ModeName a la funci\u00f3n FindEngine en ACTIVEVOICEPROJECTLib.DirectSS.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3F2A51E-2675-4993-B9C2-F2D176A92857\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D47247A3-7CD7-4D67-9D9B-A94A504DA1BE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"644E2E89-F3E3-4383-B460-424D724EE62F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"377F7D0C-6B44-4B90-BF90-DAF959880C6D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*\",\"matchCriteriaId\":\"E0BBA081-24D5-4990-882F-69CB05CC28CF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*\",\"matchCriteriaId\":\"1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"CD264C73-360E-414D-BE22-192F92E5A0A3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"6881476D-81A2-4DFD-AC77-82A8D08A0568\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"D21D1DFE-F61B-407E-A945-4F42F86947B0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*\",\"matchCriteriaId\":\"D34A558F-A656-43EB-AC52-C3710F77CDD8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*\",\"matchCriteriaId\":\"F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/35353\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://retrogod.altervista.org/win_speech_2k_sp4.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://retrogod.altervista.org/win_speech_xp_sp2.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/25627\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018235\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.exploit-db.com/exploits/4065\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/507433\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/24426\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2153\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34630\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://osvdb.org/35353\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://retrogod.altervista.org/win_speech_2k_sp4.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://retrogod.altervista.org/win_speech_xp_sp2.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/4065\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/507433\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24426\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2153\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34630\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-263

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans le navigateur Microsoft Internet Explorer. L'exploitation de l'une d'elles permettrait à une personne malveillante de tromper l'utilisateur, voire d'exécuter des commandes arbitraires sur son système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le navigateur Microsoft Internet Explorer. Parmi celles-ci :

le navigateur ne crée pas correctement les instances de certains objets COM (Component Object Model) pour les utiliser comme contrôles ActiveX. Cette vulnérabilité, exploitée par le biais d'une page Web spécialement construite, permet à la personne malveillante de lancer des commandes arbitraires sur le système, avec les mêmes droits que l'utilisateur connecté. Internet Explorer 7 n'est cependant pas affecté par cette vulnérabilité ;
le navigateur ne manipule pas correctement certaines balises de style CSS (Cascading Style Sheets). Une page spécialement construite pourrait donc corrompre la mémoire du système, et permettre l'exécution de code ;
le navigateur ne gère pas correctement l'installation de plusieurs paquets linguistiques, pouvant entraîner une situation de compétition (race condition). Cette dernière permettrait à une personne malveillante d'exécuter du code arbitraire sur le système ;
le navigateur chercherait à accéder à un objet qui n'a pas été initialisé, ou qui a été préalablement supprimé. Ce problème peut être exploité par une personne malveillante pour, comme les précédentes vulnérabilités, exécuter du code arbitraire sur le système vulnérable ;
le navigateur ne gère pas correctement les modifications de la page d'annulation (cancel page). Une personne malveillante pourrait donc tromper l'utilisateur en lui présentant une autre page spécialement construite ;
le navigateur ne manipule pas correctement certains objets ActiveX liés à Microsoft Speech, un moyen d'interagir avec la machine pour les applications vocales.

Solution

Se référer au bulletin de sécurité MS07-033 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Internet Explorer 7 sous Windows XP, Windows Server 2003 et Windows Vista.
Microsoft	Windows	Microsoft Internet Explorer 6 sous Windows XP et Windows Server 2003 ;
Microsoft	Windows	Microsoft Internet Explorer 5.01 et Internet Explorer 6 Service Pack 1 sous Windows 2000 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-033 du 12 juin 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Internet Explorer 7 sous Windows XP, Windows Server 2003 et Windows Vista.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 sous Windows XP et Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 5.01 et Internet Explorer 6 Service Pack 1 sous Windows 2000 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. Parmi celles-ci :\n\n-   le navigateur ne cr\u00e9e pas correctement les instances de certains\n    objets COM (Component Object Model) pour les utiliser comme\n    contr\u00f4les ActiveX. Cette vuln\u00e9rabilit\u00e9, exploit\u00e9e par le biais d\u0027une\n    page Web sp\u00e9cialement construite, permet \u00e0 la personne malveillante\n    de lancer des commandes arbitraires sur le syst\u00e8me, avec les m\u00eames\n    droits que l\u0027utilisateur connect\u00e9. Internet Explorer 7 n\u0027est\n    cependant pas affect\u00e9 par cette vuln\u00e9rabilit\u00e9 ;\n-   le navigateur ne manipule pas correctement certaines balises de\n    style CSS (Cascading Style Sheets). Une page sp\u00e9cialement construite\n    pourrait donc corrompre la m\u00e9moire du syst\u00e8me, et permettre\n    l\u0027ex\u00e9cution de code ;\n-   le navigateur ne g\u00e8re pas correctement l\u0027installation de plusieurs\n    paquets linguistiques, pouvant entra\u00eener une situation de\n    comp\u00e9tition (race condition). Cette derni\u00e8re permettrait \u00e0 une\n    personne malveillante d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me ;\n-   le navigateur chercherait \u00e0 acc\u00e9der \u00e0 un objet qui n\u0027a pas \u00e9t\u00e9\n    initialis\u00e9, ou qui a \u00e9t\u00e9 pr\u00e9alablement supprim\u00e9. Ce probl\u00e8me peut\n    \u00eatre exploit\u00e9 par une personne malveillante pour, comme les\n    pr\u00e9c\u00e9dentes vuln\u00e9rabilit\u00e9s, ex\u00e9cuter du code arbitraire sur le\n    syst\u00e8me vuln\u00e9rable ;\n-   le navigateur ne g\u00e8re pas correctement les modifications de la page\n    d\u0027annulation (cancel page). Une personne malveillante pourrait donc\n    tromper l\u0027utilisateur en lui pr\u00e9sentant une autre page sp\u00e9cialement\n    construite ;\n-   le navigateur ne manipule pas correctement certains objets ActiveX\n    li\u00e9s \u00e0 Microsoft Speech, un moyen d\u0027interagir avec la machine pour\n    les applications vocales.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS07-033 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0218"
    },
    {
      "name": "CVE-2007-1750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1750"
    },
    {
      "name": "CVE-2007-1499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1499"
    },
    {
      "name": "CVE-2007-2222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2222"
    },
    {
      "name": "CVE-2007-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1751"
    },
    {
      "name": "CVE-2007-3027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3027"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-263",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. L\u0027exploitation de l\u0027une d\u0027elles permettrait\n\u00e0 une personne malveillante de tromper l\u0027utilisateur, voire d\u0027ex\u00e9cuter\ndes commandes arbitraires sur son syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-033 du 12 juin 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx"
    }
  ]
}

CERTA-2007-AVI-263

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités ont été identifiées dans le navigateur Microsoft Internet Explorer. Parmi celles-ci :

le navigateur ne crée pas correctement les instances de certains objets COM (Component Object Model) pour les utiliser comme contrôles ActiveX. Cette vulnérabilité, exploitée par le biais d'une page Web spécialement construite, permet à la personne malveillante de lancer des commandes arbitraires sur le système, avec les mêmes droits que l'utilisateur connecté. Internet Explorer 7 n'est cependant pas affecté par cette vulnérabilité ;
le navigateur ne manipule pas correctement certaines balises de style CSS (Cascading Style Sheets). Une page spécialement construite pourrait donc corrompre la mémoire du système, et permettre l'exécution de code ;
le navigateur ne gère pas correctement l'installation de plusieurs paquets linguistiques, pouvant entraîner une situation de compétition (race condition). Cette dernière permettrait à une personne malveillante d'exécuter du code arbitraire sur le système ;
le navigateur chercherait à accéder à un objet qui n'a pas été initialisé, ou qui a été préalablement supprimé. Ce problème peut être exploité par une personne malveillante pour, comme les précédentes vulnérabilités, exécuter du code arbitraire sur le système vulnérable ;
le navigateur ne gère pas correctement les modifications de la page d'annulation (cancel page). Une personne malveillante pourrait donc tromper l'utilisateur en lui présentant une autre page spécialement construite ;
le navigateur ne manipule pas correctement certains objets ActiveX liés à Microsoft Speech, un moyen d'interagir avec la machine pour les applications vocales.

Solution

Se référer au bulletin de sécurité MS07-033 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Internet Explorer 7 sous Windows XP, Windows Server 2003 et Windows Vista.
Microsoft	Windows	Microsoft Internet Explorer 6 sous Windows XP et Windows Server 2003 ;
Microsoft	Windows	Microsoft Internet Explorer 5.01 et Internet Explorer 6 Service Pack 1 sous Windows 2000 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-033 du 12 juin 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Internet Explorer 7 sous Windows XP, Windows Server 2003 et Windows Vista.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 sous Windows XP et Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 5.01 et Internet Explorer 6 Service Pack 1 sous Windows 2000 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. Parmi celles-ci :\n\n-   le navigateur ne cr\u00e9e pas correctement les instances de certains\n    objets COM (Component Object Model) pour les utiliser comme\n    contr\u00f4les ActiveX. Cette vuln\u00e9rabilit\u00e9, exploit\u00e9e par le biais d\u0027une\n    page Web sp\u00e9cialement construite, permet \u00e0 la personne malveillante\n    de lancer des commandes arbitraires sur le syst\u00e8me, avec les m\u00eames\n    droits que l\u0027utilisateur connect\u00e9. Internet Explorer 7 n\u0027est\n    cependant pas affect\u00e9 par cette vuln\u00e9rabilit\u00e9 ;\n-   le navigateur ne manipule pas correctement certaines balises de\n    style CSS (Cascading Style Sheets). Une page sp\u00e9cialement construite\n    pourrait donc corrompre la m\u00e9moire du syst\u00e8me, et permettre\n    l\u0027ex\u00e9cution de code ;\n-   le navigateur ne g\u00e8re pas correctement l\u0027installation de plusieurs\n    paquets linguistiques, pouvant entra\u00eener une situation de\n    comp\u00e9tition (race condition). Cette derni\u00e8re permettrait \u00e0 une\n    personne malveillante d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me ;\n-   le navigateur chercherait \u00e0 acc\u00e9der \u00e0 un objet qui n\u0027a pas \u00e9t\u00e9\n    initialis\u00e9, ou qui a \u00e9t\u00e9 pr\u00e9alablement supprim\u00e9. Ce probl\u00e8me peut\n    \u00eatre exploit\u00e9 par une personne malveillante pour, comme les\n    pr\u00e9c\u00e9dentes vuln\u00e9rabilit\u00e9s, ex\u00e9cuter du code arbitraire sur le\n    syst\u00e8me vuln\u00e9rable ;\n-   le navigateur ne g\u00e8re pas correctement les modifications de la page\n    d\u0027annulation (cancel page). Une personne malveillante pourrait donc\n    tromper l\u0027utilisateur en lui pr\u00e9sentant une autre page sp\u00e9cialement\n    construite ;\n-   le navigateur ne manipule pas correctement certains objets ActiveX\n    li\u00e9s \u00e0 Microsoft Speech, un moyen d\u0027interagir avec la machine pour\n    les applications vocales.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS07-033 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0218"
    },
    {
      "name": "CVE-2007-1750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1750"
    },
    {
      "name": "CVE-2007-1499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1499"
    },
    {
      "name": "CVE-2007-2222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2222"
    },
    {
      "name": "CVE-2007-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1751"
    },
    {
      "name": "CVE-2007-3027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3027"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-263",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. L\u0027exploitation de l\u0027une d\u0027elles permettrait\n\u00e0 une personne malveillante de tromper l\u0027utilisateur, voire d\u0027ex\u00e9cuter\ndes commandes arbitraires sur son syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-033 du 12 juin 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx"
    }
  ]
}

GHSA-J9HQ-MQC5-42VQ

Vulnerability from github – Published: 2022-05-01 18:01 – Updated: 2022-05-01 18:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2222"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-06-12T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.",
  "id": "GHSA-j9hq-mqc5-42vq",
  "modified": "2022-05-01T18:01:28Z",
  "published": "2022-05-01T18:01:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2222"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34630"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/35353"
    },
    {
      "type": "WEB",
      "url": "http://retrogod.altervista.org/win_speech_2k_sp4.html"
    },
    {
      "type": "WEB",
      "url": "http://retrogod.altervista.org/win_speech_xp_sp2.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25627"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1018235"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/4065"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/507433"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24426"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2153"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-2222

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-2222

Aliases

CVE-2007-2222

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2222",
    "description": "Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.",
    "id": "GSD-2007-2222"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2222"
      ],
      "details": "Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.",
      "id": "GSD-2007-2222",
      "modified": "2023-12-13T01:21:37.478874Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2007-2222",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ie-speech-code-execution(34630)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34630"
          },
          {
            "name": "35353",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/35353"
          },
          {
            "name": "VU#507433",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/507433"
          },
          {
            "name": "25627",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25627"
          },
          {
            "name": "4065",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/4065"
          },
          {
            "name": "SSRT071438",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "name": "24426",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24426"
          },
          {
            "name": "1018235",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1018235"
          },
          {
            "name": "http://retrogod.altervista.org/win_speech_2k_sp4.html",
            "refsource": "MISC",
            "url": "http://retrogod.altervista.org/win_speech_2k_sp4.html"
          },
          {
            "name": "ADV-2007-2153",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2153"
          },
          {
            "name": "TA07-163A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:2031",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031"
          },
          {
            "name": "http://retrogod.altervista.org/win_speech_xp_sp2.html",
            "refsource": "MISC",
            "url": "http://retrogod.altervista.org/win_speech_xp_sp2.html"
          },
          {
            "name": "MS07-033",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
          },
          {
            "name": "HPSBST02231",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-2222"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://retrogod.altervista.org/win_speech_2k_sp4.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://retrogod.altervista.org/win_speech_2k_sp4.html"
            },
            {
              "name": "http://retrogod.altervista.org/win_speech_xp_sp2.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://retrogod.altervista.org/win_speech_xp_sp2.html"
            },
            {
              "name": "TA07-163A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "VU#507433",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/507433"
            },
            {
              "name": "24426",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/24426"
            },
            {
              "name": "1018235",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1018235"
            },
            {
              "name": "25627",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/25627"
            },
            {
              "name": "ADV-2007-2153",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2153"
            },
            {
              "name": "35353",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/35353"
            },
            {
              "name": "4065",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "http://www.exploit-db.com/exploits/4065"
            },
            {
              "name": "ie-speech-code-execution(34630)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34630"
            },
            {
              "name": "oval:org.mitre.oval:def:2031",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031"
            },
            {
              "name": "MS07-033",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
            },
            {
              "name": "SSRT071438",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2021-07-23T15:05Z",
      "publishedDate": "2007-06-12T19:30Z"
    }
  }
}

FKIE_CVE-2007-2222

Vulnerability from fkie_nvd - Published: 2007-06-12 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://osvdb.org/35353
secure@microsoft.com	http://retrogod.altervista.org/win_speech_2k_sp4.html
secure@microsoft.com	http://retrogod.altervista.org/win_speech_xp_sp2.html
secure@microsoft.com	http://secunia.com/advisories/25627	Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1018235
secure@microsoft.com	http://www.exploit-db.com/exploits/4065
secure@microsoft.com	http://www.kb.cert.org/vuls/id/507433	US Government Resource
secure@microsoft.com	http://www.securityfocus.com/archive/1/471947/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/24426
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2007/2153	Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/34630
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/35353
af854a3a-2127-422b-91ae-364da2661108	http://retrogod.altervista.org/win_speech_2k_sp4.html
af854a3a-2127-422b-91ae-364da2661108	http://retrogod.altervista.org/win_speech_xp_sp2.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25627	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018235
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/4065
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/507433	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/471947/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24426
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2153	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34630
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031

Impacted products

Vendor	Product	Version
microsoft	windows_2000	*
microsoft	internet_explorer	5.01
microsoft	internet_explorer	6
microsoft	windows_2003_server	sp1
microsoft	windows_2003_server	sp2
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	internet_explorer	6
microsoft	internet_explorer	7.0
microsoft	windows_2003_server	*
microsoft	windows_2003_server	*
microsoft	windows_2003_server	sp1
microsoft	windows_2003_server	sp2
microsoft	internet_explorer	6
microsoft	internet_explorer	7.0
microsoft	windows_vista	*
microsoft	windows_vista	*
microsoft	internet_explorer	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
              "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*",
              "matchCriteriaId": "377F7D0C-6B44-4B90-BF90-DAF959880C6D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "E0BBA081-24D5-4990-882F-69CB05CC28CF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "D21D1DFE-F61B-407E-A945-4F42F86947B0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*",
              "matchCriteriaId": "D34A558F-A656-43EB-AC52-C3710F77CDD8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*",
              "matchCriteriaId": "F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en los controles de voz (1) ActiveListen (en la biblioteca Xlisten.dll) y (2) ActiveVoice (en la biblioteca Xvoice.dll), tal como son utilizados por Microsoft Internet Explorer  en las versiones 5.01, 6 y 7, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un Objeto ActiveX que activa la corrupci\u00f3n de la memoria, como se demuestra por medio del par\u00e1metro ModeName a la funci\u00f3n FindEngine en ACTIVEVOICEPROJECTLib.DirectSS."
    }
  ],
  "id": "CVE-2007-2222",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-12T19:30:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/35353"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://retrogod.altervista.org/win_speech_2k_sp4.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://retrogod.altervista.org/win_speech_xp_sp2.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25627"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1018235"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.exploit-db.com/exploits/4065"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/507433"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/24426"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2153"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34630"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://retrogod.altervista.org/win_speech_2k_sp4.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://retrogod.altervista.org/win_speech_xp_sp2.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/4065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/507433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2222 (GCVE-0-2007-2222)

CERTA-2007-AVI-263

Description

Solution

CERTA-2007-AVI-263

Description

Solution

GHSA-J9HQ-MQC5-42VQ

GSD-2007-2222

FKIE_CVE-2007-2222

Tags

Sightings

Nomenclature