SCCyberworld

Wednesday, June 20, 2007

Fortinet Discovers Security Vulnerability Seriously Affecting Microsoft Speech Engines

Fortinet Discovers Critical Vulnerability Affecting Microsoft Speech Engines

MALAYSIA, 13 June 2007 – Fortinet – the pioneer and leading provider of unified threat management (UTM) solutions – today announced that its Fortinet Global Security Research Team was key in discovering one of the latest Microsoft critical vulnerabilities (CVE-2007-2222), called the “Speech Control Memory Corruption Vulnerability,” which impacts users of Microsoft Speech.

The two remote buffer overflow vulnerabilities exist in the “xvoice.dll” ActiveX component of Microsoft Speech version 4.0a. Exploiting either vulnerability can allow an attacker to execute arbitrary code on the affected system and, in turn, take full control of a victim’s system.

“Anything that allows the execution of arbitrary code from a remote source leaves a user open to cyber attackers exploiting and capitalizing on the vulnerability,” said Steve Fossen, manager of threat research at Fortinet. “Users should always install all updates for the software they’re using and protect their connected computers with threat mitigation solutions; otherwise they’re donating their resources to the hackers and spammers of the world.”

Microsoft Speech users should immediately apply the update provided by Microsoft on June 12, 2007. The Fortinet Global Security Team was critical in discovering these vulnerabilities, as noted in the Microsoft Security Bulletin http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx. For more information on this vulnerability, please visit http://fortiguardcenter.com/advisory/FGA-2007-08.html.

For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.
