1. Home
  2. CVE Database
  3. CVE-2007-2222
HIGH · 9.3

CVE-2007-2222

Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execu...

Vulnerability Description

Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MicrosoftWindows 2000All versions
MicrosoftInternet Explorer5.01
MicrosoftWindows 2003 Serversp1
MicrosoftWindows XpAll versions
MicrosoftWindows VistaAll versions

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2007-2222?

CVE-2007-2222 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execu...

How severe is CVE-2007-2222?

CVE-2007-2222 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-2222?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Internet Explorer, Microsoft Windows 2003 Server, Microsoft Windows Xp, Microsoft Windows Vista.