Vulnerabilities > CVE-2014-9416 - DLL Loading Multiple Local Code Execution vulnerability in Huawei eSpace Desktop

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

huawei

exploit available

NVD

Published: 2014-12-24

Updated: 2019-05-20

Summary

Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll. <a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>

Vulnerable Configurations

Part	Description	Count
Application	Huawei Huawei Espace Desktop V100R001C02 Huawei Espace Desktop V100R001C03 Huawei Espace Desktop V200R001C03 Huawei Espace Desktop V200R003C00	4

Exploit-Db

id	EDB-ID:46866
last seen	2019-05-20
modified	2019-05-20
published	2019-05-20
reporter	Exploit-DB
source	https://www.exploit-db.com/download/46866
title	Huawei eSpace 1.1.11.103 - DLL Hijacking

Packetstorm

data source	https://packetstormsecurity.com/files/download/152966/espace_dll.txt
id	PACKETSTORM:152966
last seen	2019-05-21
published	2019-05-17
reporter	LiquidWorm
source	https://packetstormsecurity.com/files/152966/Huawei-eSpace-1.1.11.103-DLL-Hijacking.html
title	Huawei eSpace 1.1.11.103 DLL Hijacking

Summary

Vulnerable Configurations

Exploit-Db

Packetstorm

References