Microsoft Speech API ActiveX control Exploit

This module exploits a vulnerability in XVoice.dll included in the Microsoft Text to Speech Control. The exploit is triggered when the FindEngine() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
Exploit type: 
Vulnerabilty ID: 
Released Date: 
Wednesday, June 13, 2007 - 19:00