Intrusion PreventionMS.Windows.Sapi.DLL.ActiveX.Access
Description
This indicates a possible attempt to exploit a remote code execution vulnerability in the Microsoft Speech Recognition feature.
The vulnerability is located in the "sapi.dll" ActiveX control. It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Note that the Speech Recognition feature is disabled by default in Windows Vista.
Affected Products
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista
Windows Vista Service Pack 1
Windows Vista x64 Edition
Windows Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 for Itanium-based Systems
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply patch, available from the web site.
http://www.microsoft.com/technet/security/Bulletin/ms08-032.mspx
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 15655 |
| Created | Jun 10, 2008 |
| Updated | Apr 23, 2014 |
| Risk |
|
| CVE ID | CVE-2007-0675 |
| Exploit Prediction Score | 92.93% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |