PT-2007-2129 · Microsoft · Windows Vista+2
Published: 2007-02-03 · Updated: 2018-10-12 · CVE-2007-0675
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Windows Vista (affected versions not specified)
Description
The issue concerns a certain ActiveX control in sapi.dll, which is part of the Speech Components in Microsoft Windows. When the Speech Recognition feature is enabled, it allows remote attackers to perform unauthorized activities, including deleting arbitrary files. This can be achieved through a web page with an embedded sound object containing voice commands, which interact with an enabled microphone and subsequently with Windows Explorer.
Recommendations
For Microsoft Windows Vista, consider disabling the Speech Recognition feature until a fix is available. As a temporary workaround, restrict access to the microphone when the Speech Recognition feature is enabled to minimize the risk of exploitation. Avoid interacting with Windows Explorer via voice commands from web pages with embedded sound objects.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Windows Explorer
Windows Vista
Sapi.Dll