CVE-2014-3802

EPSS 11.21%
Published 20.05.2014 23:55:05
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Debug Interface Access Software Development Kit Version-

Microsoft ≫ Visual Studio Version <= 2012

Microsoft ≫ Visual Studio Version2002

Microsoft ≫ Visual Studio Version2003

Microsoft ≫ Visual Studio Version2005

Microsoft ≫ Visual Studio Version2010

Microsoft ≫ Visual Studio Version2010 Updatesp1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	11.21%	0.928

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/67398

Third Party Advisory

VDB Entry

http://zerodayinitiative.com/advisories/ZDI-14-129/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2014-3802

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-3802

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-3802

EUVD