Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Fortinet Discovers Critical Vulnerability Affecting Microsoft Speech Engines

  • 13 June, 2007 15:14

<p>Fortinet® – the pioneer and leading provider of unified threat management (UTM) solutions – today announced that its Fortinet Global Security Research Team was key in discovering one of the latest Microsoft™ critical vulnerabilities (CVE-2007-2222), called the “Speech Control Memory Corruption Vulnerability,” which impacts users of Microsoft Speech™.</p>
<p>The two remote buffer overflow vulnerabilities exist in the “xvoice.dll” ActiveX component of Microsoft Speech version 4.0a, which can allow an attacker to execute arbitrary code on the affected system by exploiting either vulnerability. This, in turn, allows an attacker to take full control of a victim’s system.</p>
<p>“Anything that allows the execution of arbitrary code from a remote source leaves a user open to cyber attackers exploiting and capitalizing on the vulnerability,” said Steve Fossen, manager of threat research at Fortinet. “Users should always install all updates for the software they’re using and protect their connected computers with threat mitigation solutions; otherwise they’re donating their resources to the hackers and spammers of the world.”
Microsoft Speech users should immediately apply the update provided by Microsoft on June 12, 2007. The Fortinet Global Security Team was critical in discovering these vulnerabilities, as noted in the Microsoft Security Bulletin http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx. For more information on this vulnerability, please visit http://fortiguardcenter.com/advisory/FGA-2007-08.html.</p>
<p>For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.</p>
<p>About Fortinet (www.fortinet.com)
Fortinet is the pioneer and leading provider of ASIC-accelerated multi-threat security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and antispam--providing customers a way to help protect against multiple threats as well as blended threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified eight times over by ICSA Labs (firewall, antivirus, IPSec, SSL, IPS, client antivirus detection, cleaning and antispyware). Fortinet is privately held and based in Sunnyvale, California.
# # #
Fortinet is a registered trademark of Fortinet, Inc. Fortinet, FortiGate, FortiOS, FortiAnalyzer, FortiASIC, FortiCare, FortiManager, FortiWiFi, FortiGuard, FortiClient, and FortiReporter are trademarks of the Fortinet, Inc. in the United States and/or other countries. All other trademarks referred to herein are the property of their respective owners.</p>
<p>Media contact:
Sebastian Rice,
02 9959 1991,
seb@silverspan.com,
www.silverspan.com</p>

Most Popular

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release

Market Place