Vulnerability Description
msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Debug Interface Access Software Development Kit | - |
| Microsoft | Visual Studio | <= 2012 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/67398Third Party AdvisoryVDB Entry
- http://zerodayinitiative.com/advisories/ZDI-14-129/Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/67398Third Party AdvisoryVDB Entry
- http://zerodayinitiative.com/advisories/ZDI-14-129/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2014-3802?
CVE-2014-3802 is a vulnerability with a CVSS score of 6.8 (MEDIUM). msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-c...
How severe is CVE-2014-3802?
CVE-2014-3802 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3802?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Debug Interface Access Software Development Kit, Microsoft Visual Studio.