Exploits / Vulnerability Discovered : 2019-05-20 |
Type : dos |
Platform : windows
This exploit / vulnerability Huawei espace 1.1.11.103 contactsctrl.dll / espacestatusctrl.dll activex heap overflow is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
Huawei eSpace Meeting ContactsCtrl.dll and eSpaceStatusCtrl.dll ActiveX Heap Overflow
Summary: Create more convenient Enhanced Communications (EC) services for your
enterprise with this suite of products. Huawei’s EC Suite (ECS) solution combines
voice, data, video, and service streams, and provides users with easy and secure
access to their service platform from any device, in any place, at any time. The
eSpace Meeting allows you to join meetings that support voice, data, and video
functions using the PC client, the tablet client, or an IP phone, or in a meeting
room with an MT deployed.
Desc: eSpace Meeting suffers from a heap-based memory overflow vulnerability when parsing
large amount of bytes to the 'strNum' string parameter in GetNameyNum() in 'ContactsCtrl.dll'
and 'strName' string parameter in SetUserInfo() in eSpaceStatusCtrl.dll library, resulting
in heap memory corruption. An attacker can gain access to the system of the affected node
and execute arbitrary code.