Vista: Getting in Trouble With Speech Recognition
Hello computer...
http://www.microsoft-watch.com/content/security/vista_please_dont_listen_to_me.html?kc=MWRSS02129TX1K0000535Sometimes, bugs are just too funny to not talk about. Of course we expected a fair share of gotchas with Vista that would have slipped through testing, and this is one I can't imagine anyone in QA would have thought to build a test case for. Turns out, if you have speech recognition turned on in Vista, and are using speakers instead of a headset, the possibility exists for someone to play an audio file on your computer that will cause your computer to run unauthorized tasks.
Granted, the commands are limited, and if you have UAC activated, it should block anything too bad from happening. The vulnerability is also dependent on a user having speech recognition on, a microphone plugged in, and their speakers on loud enough for the microphone to adequately pick it up, so it's not so much a general vulnerability as it is something that is only likely to happen if the stars and planets all align perfectly.
Could be an issue though for gamers who regularly use VoIP software and are likely to kill UAC at the first opportunity.
I wonder how many kids on TeamSpeak or Ventrillo will giggle with glee as they say "search porn" over the channel, to mess with their buddies.
