← Back

CVE-2019-0985

nvd nist
Published: Jun 12, 2019Modified: May 20, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD (Secondary)

Description

A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker would need to convince a user to open a specially crafted document containing TTS content invoked through a scripting language. The update address the vulnerability by modifying how the system handles objects in memory.

Affected (3)

Microsoft
2 products
Windows 7
Windows Server 2008
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Windows 7
All versions
Microsoft
Windows Server 2008
Version r2 sp1
Windows Server 2008
Version r2 sp1

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.