Huawei TechnologiesHUAWEI-SA-20141217-ESPACESecurity Advisory-Multiple Vulnerabilities in Huawei eSpace Desktop Product
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
40.3%
Huawei eSpace Desktop products have the following vulnerabilities:
- The program does not implement comprehensive validity check on the QES file imported into the system, causing the system to exit unexpectedly. (Vulnerability ID: HWPSIRT-2014-1151)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-9415.
- DLL hijacking vulnerability (mfc71enu.dll & mfc71loc.dll). (Vulnerability ID: HWPSIRT-2014-1153)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-9416.
- DLL hijacking vulnerability (tcapi.dll & airpcap.dll). (Vulnerability ID: HWPSIRT-2014-1154)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-9416.The CVE ID is same with HWPSIRT-2014-1153.
- Upon the import of invalid image files in eSpace Meeting, the system exits unexpectedly. (Vulnerability ID: HWPSIRT-2014-1156)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-9417.
- The eSpace Meeting ActiveX control has a memory overflow vulnerability. (Vulnerability ID: HWPSIRT-2014-1157)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-9418.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| espace desktop | lt | V100R001C03 |
Related
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
40.3%