ID

VAR-201412-0108


CVE

CVE-2014-9416


TITLE

Huawei eSpace Desktop vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-007409

DESCRIPTION

Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll. Supplementary information: the vulnerability type has been identified as CWE-426: Untrusted Search Path. Huawei eSpace Desktop is a unified communications PC client developed by Huawei. Huawei eSpace Desktop is prone to multiple local arbitrary code-execution vulnerabilities. Failed attempts may lead to denial-of-service conditions. Versions prior to Huawei eSpace Desktop V200R003C00 are vulnerable. It provides instant messaging, status presentation, personal address book, VoIP call, video call, file transfer, voice conference, and business applications such as data conferencing

Trust: 2.52

sources: NVD: CVE-2014-9416 // JVNDB: JVNDB-2014-007409 // CNVD: CNVD-2015-00028 // BID: 73350 // VULHUB: VHN-77361

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-00028

AFFECTED PRODUCTS

vendor: huawei, model: espace desktop, scope: lte, version: v200r003c00

Trust: 1.0

vendor: huawei, model: espace desktop, scope: lt, version: v200r003c00

Trust: 0.8

vendor: huawei, model: espace desktop <v100r001c03, scope: -, version: -

Trust: 0.6

vendor: huawei, model: espace desktop, scope: eq, version: v200r003c00

Trust: 0.6

vendor: huawei, model: espace desktop v200r001c03, scope: -, version: -

Trust: 0.3

vendor: huawei, model: espace desktop v200r001, scope: -, version: -

Trust: 0.3

vendor: huawei, model: espace desktop v200r003c00, scope: ne, version: -

Trust: 0.3

sources: CNVD: CNVD-2015-00028 // BID: 73350 // JVNDB: JVNDB-2014-007409 // CNNVD: CNNVD-201412-545 // NVD: CVE-2014-9416

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9416
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-9416
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-00028
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201412-545
value: MEDIUM

Trust: 0.6

VULHUB: VHN-77361
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-9416
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-00028
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-77361
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-00028 // VULHUB: VHN-77361 // JVNDB: JVNDB-2014-007409 // CNNVD: CNNVD-201412-545 // NVD: CVE-2014-9416

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-007409 // NVD: CVE-2014-9416

THREAT TYPE

local

Trust: 0.9

sources: BID: 73350 // CNNVD: CNNVD-201412-545

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201412-545

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007409

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-77361

PATCH

title: Security Advisory-Multiple Vulnerabilities in Huawei eSpace Desktop Product, url: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm

Trust: 0.8

title: Huawei eSpace Desktop V200R003C00 has multiple patches for untrusted search path vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/53586

Trust: 0.6

sources: CNVD: CNVD-2015-00028 // JVNDB: JVNDB-2014-007409

EXTERNAL IDS

db: NVD, id: CVE-2014-9416

Trust: 3.4

db: PACKETSTORM, id: 152966

Trust: 1.7

db: JVNDB, id: JVNDB-2014-007409

Trust: 0.8

db: CNNVD, id: CNNVD-201412-545

Trust: 0.7

db: CNVD, id: CNVD-2015-00028

Trust: 0.6

db: BID, id: 73350

Trust: 0.4

db: VULHUB, id: VHN-77361

Trust: 0.1

sources: CNVD: CNVD-2015-00028 // VULHUB: VHN-77361 // BID: 73350 // JVNDB: JVNDB-2014-007409 // CNNVD: CNNVD-201412-545 // NVD: CVE-2014-9416

REFERENCES

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm

Trust: 2.3

url:http://packetstormsecurity.com/files/152966/huawei-espace-1.1.11.103-dll-hijacking.html

Trust: 2.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9416

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9416

Trust: 0.8

url:http://enterprise.huawei.com/en/products/coll-communication/union-comuni/uc/en_desktop.htm

Trust: 0.3

url:http://www.huawei.com

Trust: 0.3

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-406589.htm

Trust: 0.3

sources: CNVD: CNVD-2015-00028 // VULHUB: VHN-77361 // BID: 73350 // JVNDB: JVNDB-2014-007409 // CNNVD: CNNVD-201412-545 // NVD: CVE-2014-9416

CREDITS

LiquidWorm

Trust: 0.6

sources: CNNVD: CNNVD-201412-545

SOURCES

db: CNVD, id: CNVD-2015-00028
db: VULHUB, id: VHN-77361
db: BID, id: 73350
db: JVNDB, id: JVNDB-2014-007409
db: CNNVD, id: CNNVD-201412-545
db: NVD, id: CVE-2014-9416

LAST UPDATE DATE

2025-04-12T23:35:08.469000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-00028, date: 2015-01-05T00:00:00
db: VULHUB, id: VHN-77361, date: 2019-05-20T00:00:00
db: BID, id: 73350, date: 2015-04-13T21:10:00
db: JVNDB, id: JVNDB-2014-007409, date: 2015-01-05T00:00:00
db: CNNVD, id: CNNVD-201412-545, date: 2019-05-21T00:00:00
db: NVD, id: CVE-2014-9416, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-00028, date: 2015-01-05T00:00:00
db: VULHUB, id: VHN-77361, date: 2014-12-24T00:00:00
db: BID, id: 73350, date: 2015-03-20T00:00:00
db: JVNDB, id: JVNDB-2014-007409, date: 2015-01-05T00:00:00
db: CNNVD, id: CNNVD-201412-545, date: 2014-12-31T00:00:00
db: NVD, id: CVE-2014-9416, date: 2014-12-24T18:59:13.403