Microsoft confirms Vista Speech Recognition remote execution flaw

Published by

Thanks for your patience as I looked into this. I heard back from the folks at the MSRC, and they let me know that Microsoft is investigating public reports of a possible vulnerability in Windows Vista?s speech recognition feature. Microsoft?s initial investigation reveals that this vulnerability could allow an attacker to use the speech recognition feature in Windows Vista to verbally execute commands on a user?s computer. The attackers? commands are limited to the rights of the logged on user. User Account Control prohibits the attacker from executing any administrative level commands. Read on at ZdNet