CVE-2007-0675

{"id": "CVE-2007-0675", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-02-03T01:28:00.000", "references": [{"url": "http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx", "source": "cve@mitre.org"}, {"url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html", "source": "cve@mitre.org"}, {"url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004005.html", "source": "cve@mitre.org"}, {"url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004007.html", "source": "cve@mitre.org"}, {"url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/004012.html", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=121380194923597&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30578", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22359", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1020232", "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1779/references", "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-032", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5489", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer."}, {"lang": "es", "value": "Un cierto control ActiveX en la biblioteca sapi.dll (tambi\u00e9n se conoce como la API Speech) en Speech Components en Microsoft Windows Vista, cuando la funcionalidad Speech Recognition est\u00e1 habilitada, permite a atacantes remotos asistidos por el usuario eliminar archivos arbitrarios y realizar otras actividades no autorizadas, por medio de una p\u00e1gina web con un objeto de sonido integrado que contiene comandos de voz en un micr\u00f3fono habilitado, lo que permite la interacci\u00f3n con el Explorador de Windows."}], "lastModified": "2018-10-12T21:42:46.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:32_bit:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC3161FD-F631-405A-BE3A-0B78D5DCD7B2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}