Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2014-3802

msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.

Published: May 20, 2014
Updated: Nov 9, 2025
CVE: CVE-2014-3802
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
microsoft / visual_studio	2002	2002.x
microsoft / visual_studio	2003	2003.x
microsoft / visual_studio	2005	2005.x
microsoft / visual_studio	-	2012.x
microsoft / visual_studio	2010	2010.x
microsoft / visual_studio	2010-sp1	2010-sp1.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo