CVE-2007-2222: Buffer Overflow
First published: Tue Jun 12 2007(Updated: )
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 2000 | =sp4 | |
| Internet Explorer | =5.01-sp4 | |
| Internet Explorer | =6-sp1 | |
| Microsoft Windows Server 2003 | =sp1 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows XP | ||
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Internet Explorer | =6 | |
| Internet Explorer | =7.0 | |
| Microsoft Windows Server 2003 | ||
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp1 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Vista | =gold | |
| Microsoft Windows Vista | =gold |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://retrogod.altervista.org/win_speech_2k_sp4.html
- http://retrogod.altervista.org/win_speech_xp_sp2.html
- http://www.us-cert.gov/cas/techalerts/TA07-163A.html
- http://www.kb.cert.org/vuls/id/507433
- http://www.securityfocus.com/bid/24426
- http://securitytracker.com/id?1018235
- http://secunia.com/advisories/25627
- http://www.vupen.com/english/advisories/2007/2153
- http://osvdb.org/35353
- http://www.exploit-db.com/exploits/4065
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34630
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033
- http://www.securityfocus.com/archive/1/471947/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-2222?
CVE-2007-2222 has been classified as a critical vulnerability due to the potential for arbitrary code execution.
How can I fix CVE-2007-2222?
To address CVE-2007-2222, it is recommended to apply the latest security updates or patches provided by Microsoft for the affected versions of Internet Explorer.
Which software versions are affected by CVE-2007-2222?
CVE-2007-2222 impacts Internet Explorer versions 5.01, 6, and 7 on specific Windows platforms including Windows 2000 and Windows XP.
What types of attacks can exploit CVE-2007-2222?
Attackers can exploit CVE-2007-2222 using crafted ActiveX objects that cause buffer overflows, leading to memory corruption.
Is there a workaround for CVE-2007-2222 if I cannot apply a patch?
If a patch cannot be applied, disabling ActiveX controls in Internet Explorer can serve as a temporary workaround to mitigate the risk from CVE-2007-2222.
- collector/nvd-historical
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- canonical/internet explorer
- version/internet explorer/5.01-sp4
- version/internet explorer/6-sp1
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/sp1
- version/microsoft windows server 2003/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/internet explorer/6
- version/internet explorer/7.0
- canonical/microsoft windows vista
- version/microsoft windows vista/gold