CVE-2014-3802
Microsoft DIA SDK msdia.dll Memory Corruption Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.
msdia.dll en Microsoft Debug Interface Access (DIA) SDK, distribuido en Microsoft Visual Studio anterior a 2013, no valida debidamente una variable no especificada antes de utilizarla para calcular una dirección de llamada dinámica, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo PDB manipulado.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Debug Interface Access SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDB files. The issue lies in a failure to sanitize a value which is then used in the calculation of an address for a dynamic call. An attacker can leverage this vulnerability to execute code under the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-05-14 CVE Published
- 2014-05-20 CVE Reserved
- 2024-04-01 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/67398 | Third Party Advisory | |
http://zerodayinitiative.com/advisories/ZDI-14-129 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Debug Interface Access Software Development Kit Search vendor "Microsoft" for product "Debug Interface Access Software Development Kit" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visual Studio Search vendor "Microsoft" for product "Visual Studio" | <= 2012 Search vendor "Microsoft" for product "Visual Studio" and version " <= 2012" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visual Studio Search vendor "Microsoft" for product "Visual Studio" | 2002 Search vendor "Microsoft" for product "Visual Studio" and version "2002" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visual Studio Search vendor "Microsoft" for product "Visual Studio" | 2003 Search vendor "Microsoft" for product "Visual Studio" and version "2003" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visual Studio Search vendor "Microsoft" for product "Visual Studio" | 2005 Search vendor "Microsoft" for product "Visual Studio" and version "2005" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visual Studio Search vendor "Microsoft" for product "Visual Studio" | 2010 Search vendor "Microsoft" for product "Visual Studio" and version "2010" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Visual Studio Search vendor "Microsoft" for product "Visual Studio" | 2010 Search vendor "Microsoft" for product "Visual Studio" and version "2010" | sp1 |
Affected
|