| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2019-0985 | Microsoft Speech API Remote Code Execution Vulnerability | Windows 7 | Critical | 12-06-2019 |
Technical Information
Brief overview of the risk:
A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.
Detailed Information on the risk:
To exploit the vulnerability, an attacker would need to convince a user to open a specially crafted document containing TTS content invoked through a scripting language.
The update address the vulnerability by modifying how the system handles objects in memory.
Further information on this exploit is available at : CVE-2019-0985
Affected Software
Windows 7 for 32-bit Systems Service Pack 1,
Windows 7 for x64-based Systems Service Pack 1,
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1,
Windows Server 2008 R2 for x64-based Systems Service Pack 1