Microsoft Speech API Remote Code Execution Vulnerability - CVE-2019-0985ID: oval:org.secpod.oval:def:55393 | Date: (C)2019-06-12 (M)2022-11-24 |
Class: VULNERABILITY | Family: windows |
A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.To exploit the vulnerability, an attacker would need to convince a user to open a specially crafted document containing TTS content invoked through a scripting language.The update address the vulnerability by modifying how the system handles objects in memory.
Platform: |
Microsoft Windows 7 |
Microsoft Windows Server 2008 R2 |