Fortinet Discovers Microsoft Critical Vulnerability

• Email
• Print
• ( 0 )
• 

Fortinet announced that its Fortinet Global Security Research Team was key in discovering one of the latest Microsoft critical vulnerabilities (CVE-2007-2222).

Fortinet – the pioneer and leading provider of unified threat management (UTM) solutions –announced that its Fortinet Global Security Research Team was key in discovering one of the latest Microsoft critical vulnerabilities (CVE-2007-2222), called the “Speech Control Memory Corruption Vulnerability,� which impacts users of Microsoft Speech.

The two remote buffer overflow vulnerabilities exist in the “xvoice.dll� ActiveX component of Microsoft Speech version 4.0a, which can allow an attacker to execute arbitrary code on the affected system by exploiting either vulnerability. This, in turn, allows an attacker to take full control of a victim’s system.

“Anything that allows the execution of arbitrary code from a remote source leaves a user open to cyber attackers exploiting and capitalizing on the vulnerability,� said Manager of Threat Research at Fortinet, Steve Fossen. “Users should always install all updates for the software they’re using and

protect their connected computers with threat mitigation solutions; otherwise they’re donating their resources to the hackers and spammers of the world.�

Microsoft Speech users should immediately apply the update provided by Microsoft on June 12, 2007. The Fortinet Global Security Team was critical in discovering these vulnerabilities, as noted in the Microsoft Security Bulletin.