DLL Hijacking Vulnerabilities in Huawei eSpace Desktop Software
CVE-2014-9416

Currently unrated

Key Information:

Vendor: Huawei
Status: Espace Desktop
Vendor: CVE Published:; 24 December 2014

What is CVE-2014-9416?

Multiple untrusted search path vulnerabilities exist in the Huawei eSpace Desktop software, affecting versions prior to V200R003C00. These vulnerabilities enable local users to execute arbitrary code by leveraging Trojan horse DLLs, including mfc71enu.dll, mfc71loc.dll, tcapi.dll, or airpcap.dll. This situation allows attackers to conduct DLL hijacking attacks, posing a significant security risk to users operating the compromised software.

References

http://www.huawei.com/en/security/psirt/security-bulletin...

x_refsource_CONFIRM

http://packetstormsecurity.com/files/152966/Huawei-eSpace...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 24, 2014
Vulnerability Reserved
Dec 24, 2014