Windows Vista voice command tricked Staff
Throwing your voice for fun and profit

It only took security researchers two days to find the first remotely exploitable flaw in Vista. But this one is stretching the definitions of both remote and flaw.

The issue came to light this week on the Dailydave mailing list

    Requires Free Membership to View

when a member asked whether the voice command capability in Vista could be tricked into running arbitrary code. The message suggested that an attacker could post an audio file on a Web site and then lure a user into going to the site, at which point the file would play and spew audio commands at the user's machine. The idea was kicked around refined for a day or so on the list until one member was able to make it work .

In order to make the trick work, the user would need to have voice command enabled on his PC and would also need to be somehow caught napping and not interfere during the execution of the commands. The attack is not able to bypass Vista's User Account Control, according to the messages on the list.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: