Back to board Open MSRC
MSRC compact vulnerability detail

CVE-2024-43574 · Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

No description was published by MSRC.

Severity
Important
Impact
Remote Code Execution
CVSS
8.3 base · 7.2 temporal
Release
2024-10-08
Signals
Microsoft Windows Speech Remote Code Execution Exploited: No Publicly disclosed: No Exploitability: Exploitation Less Likely
CWE
CWE-416: Use After Free
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Old version New version
Description
No description was published by MSRC.
FAQ / Articles
FAQ
How could an attacker exploit this vulnerability? An attacker could exploit a use after free vulnerability within the OS SAPI component to execute arbitrary code in the context of the compromised user to disclose sensitive information, compromise system integrity or impact the availability of the victim's system.
FAQ
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a browser sandbox escape.
FAQ
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution.
FAQ
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.