Remote Code Execution Vulnerability in Microsoft Visual Studio
CVE-2014-3802

Currently unrated

Key Information:

Vendor: Microsoft
Status: Debug Interface Access Software Development Kit; Visual Studio
Vendor: CVE Published:; 20 May 2014

Summary

A vulnerability has been identified in the msdia.dll component of the Microsoft Debug Interface Access (DIA) SDK, which is included in Microsoft Visual Studio prior to 2013. This issue arises from improper validation of a specific variable during the calculation of dynamic-call addresses. As a result, an attacker can exploit this flaw by submitting a specially crafted Program Database (PDB) file, potentially leading to the remote execution of arbitrary code or triggering a denial of service condition via memory corruption.

References

http://www.securityfocus.com/bid/67398

vdb-entryx_refsource_BID

http://zerodayinitiative.com/advisories/ZDI-14-129/

x_refsource_MISC

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 20, 2014
Vulnerability Reserved
May 20, 2014