Microsoft Speech API Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker would need to convince a user to open a specially crafted document containing TTS content invoked through a scripting language. The update address the vulnerability by modifying how the system handles objects in memory.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

N/A

Microsoft Speech API 缓冲区错误漏洞

Microsoft Windows和Microsoft Windows Server都是美国微软（Microsoft）公司的产品。Microsoft Windows是一套个人设备使用的操作系统。Microsoft Windows Server是一套服务器操作系统。Speech API (SAPI)是其中的一个语音应用程序编程接口。 Microsoft Speech API (SAPI)中存在远程代码执行漏洞，该漏洞源于程序没有正确处理TTS输入。攻击者可利用该漏洞执行任意代码，造成内存损坏。以下产品及版本

N/A

N/A