CVE-2014-3802

CVE Database · CVE-2014-3802

CVE-2014-3802

· N/AModified

CVSS v3.1

N/A

EPSS

10.93%

Published

May 20, 2014

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.

Weaknesses (CWE)

CWE-20

Affected Products (7)

microsoft · debug_interface_access_software_development_kitvulnerable

microsoft · visual_studiovulnerable

References (4)

http://www.securityfocus.com/bid/67398

Third Party AdvisoryVDB Entry

http://zerodayinitiative.com/advisories/ZDI-14-129/

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/67398

Third Party AdvisoryVDB Entry

http://zerodayinitiative.com/advisories/ZDI-14-129/

Third Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs