Fortinet Discovers Critical Vulnerability

Fortinet discovers critical vulnerability affecting Microsoft Speech Engines

June 12, 2007

1 Min Read
NetworkComputing logo in a gray background | NetworkComputing

SUNNYVALE, Calif. -- Fortinet® – the pioneer and leading provider of unified threat management (UTM) solutions – today announced that its Fortinet Global Security Research Team was key in discovering one of the latest Microsoft™ critical vulnerabilities (CVE-2007-2222), called the “Speech Control Memory Corruption Vulnerability,” which impacts users of Microsoft Speech™.

The two remote buffer overflow vulnerabilities exist in the “xvoice.dll” ActiveX component of Microsoft Speech version 4.0a, which can allow an attacker to execute arbitrary code on the affected system by exploiting either vulnerability. This, in turn, allows an attacker to take full control of a victim’s system.

“Anything that allows the execution of arbitrary code from a remote source leaves a user open to cyber attackers exploiting and capitalizing on the vulnerability,” said Steve Fossen, manager of threat research at Fortinet. “Users should always install all updates for the software they’re using and protect their connected computers with threat mitigation solutions; otherwise they’re donating their resources to the hackers and spammers of the world.”

Fortinet Inc.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights