CVE-2014-3802

msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.

Published: May 21, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3802
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
microsoft / visual_studio	2002	2002.x
microsoft / visual_studio	2003	2003.x
microsoft / visual_studio	2005	2005.x
microsoft / visual_studio	-	2012.x
microsoft / visual_studio	2010	2010.x
microsoft / visual_studio	2010-sp1	2010-sp1.x

http://www.securityfocus.com/bid/67398
http://zerodayinitiative.com/advisories/ZDI-14-129/

Vulnerability Database

289,697

CVE-2014-3802