CVE-2014-9418

Huawei eSpace Desktop <V200R001C03 - DoS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9418. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a heap-based buffer overflow in Huawei eSpace Meeting's ActiveX controls (ContactsCtrl.dll and eSpaceStatusCtrl.dll) by passing excessively long strings to vulnerable methods, leading to memory corruption and potential arbitrary code execution.

Description

The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · textdoswindows
https://www.exploit-db.com/exploits/46868

This exploit demonstrates a heap-based buffer overflow in Huawei eSpace Meeting's ActiveX controls (ContactsCtrl.dll and eSpaceStatusCtrl.dll) by passing excessively long strings to vulnerable methods, leading to memory corruption and potential arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Huawei eSpace Meeting (eSpace ECS, eSpace Desktop, eSpace UC) versions eSpace 1.1.11.103 and eSpace UC V200R002C02
No auth needed
Prerequisites: Victim must have the vulnerable Huawei eSpace Meeting software installed · Attacker must deliver the exploit via a malicious webpage or document that triggers the ActiveX control
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

EPSS 0.0067
EPSS Percentile 47.0%

Details

CWE
CWE-119
Status published
Products (1)
huawei/espace_desktop < v200r001c03
Published Dec 24, 2014
Tracked Since Feb 18, 2026