Vulnerability Details CVE-2014-3802
msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.112
EPSS Ranking 93.1%
CVSS Severity
CVSS v2 Score 6.8
References
Products affected by CVE-2014-3802
-
cpe:2.3:a:microsoft:debug_interface_access_software_development_kit:-
-
cpe:2.3:a:microsoft:visual_studio:-
-
cpe:2.3:a:microsoft:visual_studio:2002
-
cpe:2.3:a:microsoft:visual_studio:2003
-
cpe:2.3:a:microsoft:visual_studio:2005
-
cpe:2.3:a:microsoft:visual_studio:2008
-
cpe:2.3:a:microsoft:visual_studio:2010
-
cpe:2.3:a:microsoft:visual_studio:2012
-
cpe:2.3:a:microsoft:visual_studio:6.0
-
cpe:2.3:a:microsoft:visual_studio:97