huawei espace_desktop Security Vulnerabilities

5 Vulnerabilities

Description
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors. Impacted versions: * Base Score: 2.1, Severity: LOW, ID: CVE-2014-9418, Last Modified: 2019-05-20T17:29:00Z References Vendor Advisory
The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. Impacted versions: * Base Score: 2.1, Severity: LOW, ID: CVE-2014-9417, Last Modified: 2019-05-20T17:29:00Z References Vendor Advisory
Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file. Impacted versions: * Base Score: 1.9, Severity: LOW, ID: CVE-2014-9415, Last Modified: 2019-05-20T17:29:00Z References Patch Patch
<a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>~Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll. Impacted versions: * Base Score: 4.4, Severity: MEDIUM, ID: CVE-2014-9416, Last Modified: 2019-05-20T17:29:00Z References Vendor Advisory
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop. Impacted versions: 300r001c00, 300r001c50 Base Score: 3.5, Severity: LOW, ID: CVE-2018-7976, Last Modified: 2018-07-05T17:00:00Z References Vendor Advisory

Description

The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors.

Impacted versions: *

Base Score: 2.1, Severity: LOW, ID: CVE-2014-9418, Last Modified: 2019-05-20T17:29:00Z

References

Vendor Advisory

The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image.

Impacted versions: *

Base Score: 2.1, Severity: LOW, ID: CVE-2014-9417, Last Modified: 2019-05-20T17:29:00Z

References

Vendor Advisory

Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file.

Impacted versions: *

Base Score: 1.9, Severity: LOW, ID: CVE-2014-9415, Last Modified: 2019-05-20T17:29:00Z

References

Patch Patch

<a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>~Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll.

Impacted versions: *

Base Score: 4.4, Severity: MEDIUM, ID: CVE-2014-9416, Last Modified: 2019-05-20T17:29:00Z

References

Vendor Advisory

There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop.

Impacted versions: 300r001c00, 300r001c50

Base Score: 3.5, Severity: LOW, ID: CVE-2018-7976, Last Modified: 2018-07-05T17:00:00Z

References

Vendor Advisory

USAGE: Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.