Severity rating


Discovered date

Attack vector

Authentication required

Public exploits available

Signature detection

On this page


A remote code execution vulnerability exists in a component of Microsoft Speech API 4. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.


An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Technical details (analysis)

Microsoft Speech is a technology for speech-based interaction with Windows-based computers. Microsoft Speech SDKs provide continuous speech recognition and text-to-speech engines, tools, sample source code, and information needed for developing speech-enabled applications for Windows.When the ActiveX object is used in Internet Explorer, the object may corrupt the system state in such a way that an attacker could execute arbitrary code. An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. This can also include compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger request that takes users to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.

Affected software

Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1.
Internet Explorer 6.
Internet Explorer 7

Non-affected software

All applications not on the affected list.



NIS signature

Name: Exploit:Win/COM.SCM.RCE!CVE-2007-2222
Release Date: 2007-06-12T00:00:00

Known false positives

No known false positives at this time.


Prevent COM objects from running in Internet Explorer