2 results (0.004 seconds)

CVSS: 7.8EPSS: 11%CPEs: 7EXPL: 0

CVE-2014-3802 – Microsoft DIA SDK msdia.dll Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2014-3802

14 May 2014 — msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file. msdia.dll en Microsoft Debug Interface Access (DIA) SDK, distribuido en Microsoft Visual Studio anterior a 2013, no valida debidamente una variable no especificada antes ... • http://www.securityfocus.com/bid/67398 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 57%CPEs: 2EXPL: 2

CVE-2007-4891 – Microsoft Visual Studio 6.0 - 'PDWizard.ocx' Remote Command Execution

https://notcve.org/view.php?id=CVE-2007-4891

14 Sep 2007 — A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell. Un determinado control ActiveX de PDWizard.ocx 6.0.0.9782 y versiones anteriores de Microsoft Visual Studio 6.0 expone m... • https://www.exploit-db.com/exploits/4393 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •