Details of VAR-201412-0110

ID

VAR-201412-0110

CVE

CVE-2014-9418

TITLE

Huawei eSpace Desktop of eSpace Meeting ActiveX Service disruption in control (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-007411

DESCRIPTION

The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors. Huawei eSpace Desktop is a unified communications PC client developed by Huawei. A local attacker can exploit this issue to crash the application (typically Internet Explorer), denying service to legitimate users. It provides instant messaging, status presentation, personal address book, VoIP call, video call, file transfer, voice conference, Business applications such as data conferencing

Trust: 2.61

sources: NVD: CVE-2014-9418 // JVNDB: JVNDB-2014-007411 // CNVD: CNVD-2015-00030 // BID: 73353 // VULHUB: VHN-77363 // VULMON: CVE-2014-9418

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-00030

AFFECTED PRODUCTS

vendor:	huawei	model:	espace desktop	scope:	lte	version:	v200r001c03	Trust: 1.0
vendor:	huawei	model:	espace desktop	scope:	lt	version:	v100r001c03	Trust: 0.8
vendor:	huawei	model:	espace desktop <v100r001c03	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	espace desktop	scope:	eq	version:	v200r001c03	Trust: 0.6
vendor:	huawei	model:	espace uc v200r002c02	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	espace uc v200r002c01	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	espace uc v200r002	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	espace uc v200r001c50	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	espace uc v200r001	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	espace uc v100r002c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	espace uc v100r002	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	espace uc v100r001	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	espace desktop v200r001c03	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2015-00030 // BID: 73353 // JVNDB: JVNDB-2014-007411 // CNNVD: CNNVD-201412-547 // NVD: CVE-2014-9418

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9418
value:	LOW
Trust: 1.0
NVD:	CVE-2014-9418
value:	LOW
Trust: 0.8
CNVD:	CNVD-2015-00030
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201412-547
value:	LOW
Trust: 0.6
VULHUB:	VHN-77363
value:	LOW
Trust: 0.1
VULMON:	CVE-2014-9418
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2014-9418
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-00030
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-77363
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-00030 // VULHUB: VHN-77363 // VULMON: CVE-2014-9418 // JVNDB: JVNDB-2014-007411 // CNNVD: CNNVD-201412-547 // NVD: CVE-2014-9418

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-77363 // JVNDB: JVNDB-2014-007411 // NVD: CVE-2014-9418

THREAT TYPE

local

Trust: 0.9

sources: BID: 73353 // CNNVD: CNNVD-201412-547

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201412-547

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007411

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2014-9418

PATCH

title:	Security Advisory-Multiple Vulnerabilities in Huawei eSpace Desktop Producty	url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm	Trust: 0.8
title:	\302\240\302\240\302\240\302\240\302\240Huawei eSpace Desktop V200R001C03 Patch for Denial of Service Vulnerability (CNVD-2015-00030)	url:	https://www.cnvd.org.cn/patchInfo/show/53588	Trust: 0.6
title:	-	url:	https://github.com/jparadadev/python-value-objects	Trust: 0.1

sources: CNVD: CNVD-2015-00030 // VULMON: CVE-2014-9418 // JVNDB: JVNDB-2014-007411

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9418	Trust: 3.5
db:	PACKETSTORM	id:	152968	Trust: 1.8
db:	JVNDB	id:	JVNDB-2014-007411	Trust: 0.8
db:	CNNVD	id:	CNNVD-201412-547	Trust: 0.7
db:	CNVD	id:	CNVD-2015-00030	Trust: 0.6
db:	BID	id:	73353	Trust: 0.4
db:	VULHUB	id:	VHN-77363	Trust: 0.1
db:	EXPLOIT-DB	id:	46868	Trust: 0.1
db:	VULMON	id:	CVE-2014-9418	Trust: 0.1

sources: CNVD: CNVD-2015-00030 // VULHUB: VHN-77363 // VULMON: CVE-2014-9418 // BID: 73353 // JVNDB: JVNDB-2014-007411 // CNNVD: CNNVD-201412-547 // NVD: CVE-2014-9418

REFERENCES

url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-406589.htm	Trust: 2.4
url:	http://packetstormsecurity.com/files/152968/huawei-espace-1.1.11.103-meeting-heap-overflow.html	Trust: 2.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9418	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9418	Trust: 0.8
url:	http://enterprise.huawei.com/en/products/coll-communication/union-comuni/uc/en_desktop.htm	Trust: 0.3
url:	http://www.huawei.com	Trust: 0.3
url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-406589.htm	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://github.com/jparadadev/python-value-objects	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/46868	Trust: 0.1

sources: CNVD: CNVD-2015-00030 // VULHUB: VHN-77363 // VULMON: CVE-2014-9418 // BID: 73353 // JVNDB: JVNDB-2014-007411 // CNNVD: CNNVD-201412-547 // NVD: CVE-2014-9418

CREDITS

LiquidWorm

Trust: 0.6

sources: CNNVD: CNNVD-201412-547

SOURCES

db:	CNVD	id:	CNVD-2015-00030
db:	VULHUB	id:	VHN-77363
db:	VULMON	id:	CVE-2014-9418
db:	BID	id:	73353
db:	JVNDB	id:	JVNDB-2014-007411
db:	CNNVD	id:	CNNVD-201412-547
db:	NVD	id:	CVE-2014-9418

LAST UPDATE DATE

2025-04-12T23:30:44.410000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-00030	date:	2019-06-06T00:00:00
db:	VULHUB	id:	VHN-77363	date:	2019-05-20T00:00:00
db:	VULMON	id:	CVE-2014-9418	date:	2019-05-20T00:00:00
db:	BID	id:	73353	date:	2015-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2014-007411	date:	2015-01-05T00:00:00
db:	CNNVD	id:	CNNVD-201412-547	date:	2019-05-21T00:00:00
db:	NVD	id:	CVE-2014-9418	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-00030	date:	2015-01-05T00:00:00
db:	VULHUB	id:	VHN-77363	date:	2014-12-24T00:00:00
db:	VULMON	id:	CVE-2014-9418	date:	2014-12-24T00:00:00
db:	BID	id:	73353	date:	2015-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2014-007411	date:	2015-01-05T00:00:00
db:	CNNVD	id:	CNNVD-201412-547	date:	2014-12-31T00:00:00
db:	NVD	id:	CVE-2014-9418	date:	2014-12-24T18:59:14.980