Exploits / Vulnerability Discovered: 2019-05-20
Type: dos
Platform: windows
This exploit / vulnerability (Huawei eSpace 1.1.11.103 image file format handling buffer overflow) is for educational purposes only; if you use it, you do so at your own risk!
Huawei eSpace Meeting Image File Format Handling Buffer Overflow Vulnerability
Summary: Create more convenient Enhanced Communications (EC) services for your
enterprise with this suite of products. Huawei’s EC Suite (ECS) solution combines
voice, data, video, and service streams, and provides users with easy and secure
access to their service platform from any device, in any place, at any time. The
eSpace Meeting allows you to join meetings that support voice, data, and video
functions using the PC client, the tablet client, or an IP phone, or in a meeting
room with an MT deployed.
Desc: eSpace Meeting conference whiteboard functionality is vulnerable to a buffer
overflow issue when inserting known image file formats. Attackers can exploit this
issue to execute arbitrary code within the context of the affected application.
Failed exploit attempts will likely result in denial-of-service conditions.
Vuln modules (no DEP/ASLR):
C:\Program Files\eSpace-ecs\conf\cwbin\classmgr.dll
C:\Program Files\eSpace-ecs\conf\cwbin\MiniGDIEx.dll
Tested on: Microsoft Windows 7 Professional
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
PNG Decoder error msg:$s
Invalid parameter passed to C runtime function.
Invalid parameter passed to C runtime function.
(1874.2274): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000000 ecx=015d8998 edx=00000000 esi=015d8ab8 edi=00000000
eip=025f1b99 esp=032ccc88 ebp=032cd0c4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202
*** WARNING: Unable to verify checksum for C:\Program Files\eSpace-ecs\conf\cwbin\classmgr.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\eSpace-ecs\conf\cwbin\classmgr.dll -
classmgr+0x11b99:
025f1b99 8b9868060000 mov ebx,dword ptr [eax+668h] ds:0023:00000668=????????
--
JPEG datastream contains no image
Improper call to JPEG library in state 200
(1f88.2768): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000000 ecx=a2afcfb5 edx=00000000 esi=0352e318 edi=000000cc
eip=0491b035 esp=0352e2c8 ebp=0352ed30 iopl=0 nv up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010297
*** WARNING: Unable to verify checksum for C:\Program Files\eSpace-ecs\conf\cwbin\MiniGDIEx.DLL
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\eSpace-ecs\conf\cwbin\MiniGDIEx.DLL -
MiniGDIEx!DllUnregisterServer+0x2f95:
0491b035 ff10 call dword ptr [eax] ds:0023:00000000=????????
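
The "Vuln modules (no DEP/ASLR)" note above can be verified on an installed copy by reading the DllCharacteristics field from each DLL's PE optional header. The script below is an added example, not part of the original advisory; the function names and the sample header built by make_sample() are constructed for illustration.

```python
import struct
import sys

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (winnt.h)
FLAGS = {
    "ASLR (DYNAMIC_BASE)": 0x0040,
    "DEP (NX_COMPAT)": 0x0100,
    "CFG (GUARD_CF)": 0x4000,
}

def mitigations(pe: bytes) -> dict:
    """Return {mitigation name: bool} read from a PE image's optional header."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20              # skip signature and COFF file header
    if len(pe) < opt + 72:
        raise ValueError("optional header truncated")
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 4 + 16)
    (magic,) = struct.unpack_from("<H", pe, opt)
    if opt_size < 72 or magic not in (0x10B, 0x20B):   # PE32 / PE32+
        raise ValueError("unsupported optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", pe, opt + 70)
    return {name: bool(dll_chars & bit) for name, bit in FLAGS.items()}

def make_sample(dll_chars: int) -> bytes:
    """Constructed minimal PE32 header for demonstration (not a real DLL)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 96, 0x2102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # Usage: python check_mitigations.py <dll> [<dll> ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            result = mitigations(fh.read())
        missing = [n for n, on in result.items() if not on]
        print(path, "missing:", ", ".join(missing) or "none")
```

A module reported as missing both ASLR and DEP loads at a predictable base without opting in to non-executable data pages, which is what the advisory's module list records.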