Vulnerability Details CVE-2019-0985
A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.
To exploit the vulnerability, an attacker would need to convince a user to open a specially crafted document containing TTS content invoked through a scripting language.
The update address the vulnerability by modifying how the system handles objects in memory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.145
EPSS Ranking 94.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
Products affected by CVE-2019-0985
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2