Unrated severityNVD Advisory· Published Jun 12, 2007· Updated Apr 23, 2026

CVE-2007-2222

Description

Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.

Affected products

Microsoft/Internet Explorer4 versions
cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/25627nvdVendor Advisory
www.vupen.com/english/advisories/2007/2153nvdVendor Advisory
www.kb.cert.org/vuls/id/507433nvdUS Government Resource
www.us-cert.gov/cas/techalerts/TA07-163A.htmlnvdUS Government Resource
osvdb.org/35353nvd
retrogod.altervista.org/win_speech_2k_sp4.htmlnvd
retrogod.altervista.org/win_speech_xp_sp2.htmlnvd
securitytracker.com/idnvd
www.exploit-db.com/exploits/4065nvd
www.securityfocus.com/archive/1/471947/100/0/threadednvd
www.securityfocus.com/bid/24426nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033nvd
exchange.xforce.ibmcloud.com/vulnerabilities/34630nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2031nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.051
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000