CVE-2014-3802

Currently unrated

Key Information:

Vendor: Microsoft
Status: Debug Interface Access Software Development Kit; Visual Studio
Vendor: CVE Published:; 20 May 2014

Summary

msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.

References

http://www.securityfocus.com/bid/67398

vdb-entryx_refsource_BID

http://zerodayinitiative.com/advisories/ZDI-14-129/

x_refsource_MISC

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 20, 2014
Vulnerability Reserved
May 20, 2014

Collectors

NVD DatabaseMitre Database