1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Microsoft Windows Speech API CVE-2019-0985

Web Attack: Microsoft Windows Speech API CVE-2019-0985

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the attempt to execute arbitrary code in the context of an affected system.

Additional Information

Microsoft Windows Speech API is prone to a remote code-execution vulnerability because it fails to properly handle 'text-to-speech (TTS)' input. An attacker can exploit this issue by enticing a victim to open specially crafted file.

Note: To exploit this issue, an attacker requires to convince a user to open a specially crafted document containing 'TTS' content invoked through a scripting language.

An attacker can exploit this issue to execute arbitrary code in the context of an affected system.

Affected

  • Microsoft Windows Speech API on Windows 7 and Windows Server 2008.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube