Security
Headlines
HeadlinesLatestCVEs

Tag

#Microsoft Windows Speech

CVE-2024-43574: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit a use after free vulnerability within the OS SAPI component to execute arbitrary code in the context of the compromised user to disclose sensitive information, compromise system integrity or impact the availability of the victim's system.

Microsoft Security Response Center
#vulnerability#microsoft#rce#sap#Microsoft Windows Speech#Security Vulnerability
CVE-2024-30097: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?** An unauthorized attacker must wait for a user to initiate a connection.

CVE-2023-36719: Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.