Unrated severityNVD Advisory· Published Jun 12, 2019· Updated May 20, 2025

Microsoft Speech API Remote Code Execution Vulnerability

CVE-2019-0985

Description

A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker would need to convince a user to open a specially crafted document containing TTS content invoked through a scripting language. The update address the vulnerability by modifying how the system handles objects in memory.

Affected products

Microsoft/Windows 7cpe-rescue
Range: 6.1.0
Microsoft/Windows CSC Servicecpe-rescue
Range: 6.1.0
Microsoft/Windows Server 2008cpe-rescue
Range: 6.1.7601.0
Microsoft/Windows Server 2008 R2 Service Pack 1 (Server Core installation)v5
Range: 6.1.7601.0
Microsoft/Windows Server 2008 R2 Systems Service Pack 1v5
Range: 6.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2019-0985mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.012
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000