CVE-2007-2222

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 5.01 through 7

Description The issue is related to multiple buffer overflows in speech controls used by Microsoft Internet Explorer, allowing remote attackers to execute arbitrary code via a crafted ActiveX object. This can trigger memory corruption, potentially demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. A remote code execution vulnerability exists in a component of Microsoft Speech API 4, which could be exploited by constructing a specially crafted Web page, allowing an attacker to take complete control of an affected system.

Recommendations For Microsoft Internet Explorer versions 5.01 through 7, consider disabling the ActiveListen and ActiveVoice speech controls until a patch is available. As a temporary workaround, avoid using the ModeName parameter in the affected FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS to minimize the risk of exploitation.