1. Home
  2. CVE Database
  3. CVE-2007-0675
HIGH · 7.6

CVE-2007-0675

A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to del...

Vulnerability Description

A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.

CVSS Score

7.6

HIGH

AV:N/AC:H/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MicrosoftWindows VistaAll versions

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2007-0675?

CVE-2007-0675 is a vulnerability with a CVSS score of 7.6 (HIGH). A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to del...

How severe is CVE-2007-0675?

CVE-2007-0675 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-0675?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Vista.