Lucene search

MicrosoftCVE-2007-2222

HistoryJun 12, 2007 - 7:30 p.m.

CVE-2007-2222

2007-06-1219:30:00

CWE-119

microsoft

web.nvd.nist.gov

cve-2007-2222

buffer overflow

activex

remote code execution

memory corruption

internet explorer

security vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.964

Percentile

99.6%

JSON

Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.

Affected configurations

Nvd

Node

microsoftwindows_2000sp4

AND

microsoftinternet_explorerMatch5.01sp4

microsoftinternet_explorerMatch6sp1

Node

microsoftwindows_2003_serverMatchsp1

microsoftwindows_2003_serverMatchsp2

microsoftwindows_xpprofessional_x64

microsoftwindows_xpsp2

microsoftwindows_xpsp2professional_x64

AND

microsoftinternet_explorerMatch6

microsoftinternet_explorerMatch7.0

Node

microsoftwindows_2003_serverx64

microsoftwindows_2003_serversp2x64

microsoftwindows_2003_serverMatchsp1itanium

microsoftwindows_2003_serverMatchsp2itanium

AND

microsoftinternet_explorerMatch6

microsoftinternet_explorerMatch7.0

Node

microsoftwindows_vistagold

microsoftwindows_vistagoldx64

AND

microsoftinternet_explorerMatch7.0

VendorProductVersionCPE
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
microsoftinternet_explorer5.01cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
microsoftinternet_explorer6cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
microsoftwindows_2003_serversp1cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
microsoftwindows_2003_serversp2cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
microsoftinternet_explorer6cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
microsoftinternet_explorer7.0cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_2000	*	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
microsoft	internet_explorer	5.01	cpe:2.3:a:microsoft:internet_explorer:5.01:sp4::::::
microsoft	internet_explorer	6	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::
microsoft	windows_2003_server	sp1	cpe:2.3:o:microsoft:windows_2003_server:sp1:::::::*
microsoft	windows_2003_server	sp2	cpe:2.3:o:microsoft:windows_2003_server:sp2:::::::*
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp:::professional_x64:::::*
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp2:professional_x64:::::
microsoft	internet_explorer	6	cpe:2.3:a:microsoft:internet_explorer:6:::::::*
microsoft	internet_explorer	7.0	cpe:2.3:a:microsoft:internet_explorer:7.0:::::::*