CVE-2014-3802

EPSS 11.21%
Veröffentlicht 20.05.2014 23:55:05
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Debug Interface Access Software Development Kit Version-

Microsoft ≫ Visual Studio Version <= 2012

Microsoft ≫ Visual Studio Version2002

Microsoft ≫ Visual Studio Version2003

Microsoft ≫ Visual Studio Version2005

Microsoft ≫ Visual Studio Version2010

Microsoft ≫ Visual Studio Version2010 Updatesp1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	11.21%	0.928

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/67398

Third Party Advisory

VDB Entry

http://zerodayinitiative.com/advisories/ZDI-14-129/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2014-3802

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-3802

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-3802

EUVD