NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA List Master

NRT-0207 Microsoft Speech Hit by Serious Flaws:

According to researchers major security flaws have hit Microsoft's speech-control engines. Microsoft Speech is the company's software for voice recognition and text-to-voice, a technology the company is modernizing with the acquisition of Tellme Networks a month ago. Besides allowing visually impaired users to interact with Windows, the technology is designed to run automated telephone response systems. According to the researchers a specially crafted ActtiveX object triggering memory corruption could exploit the ActiveX controls used by Microsoft Speech version 4.0a to interact with Internet Explorer, xlisten.dll, and xvoice.dll. This corruption could allow attackers to take full control of a victim's system, according to Fortinet, which discovered the xvoice.dll bug. Internet Explorer 7 and older versions use the controls. According to some industry observers, such vulnerabilities - affecting client-side software rather than servers - are becoming the primary target of attackers. The bug was one of many critical flaws patched with Microsoft's monthly security update on Tuesday.

(TechWorld 13JUN07)

Last Modified: Wednesday, 20-Jun-2007 10:41:12 EDT