CVE-2014-3802
Microsoft Debug Interface Access SDK - Remote Code Execution via Crafted PDB File
Title source: llmDescription
msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/67398
Third Party Advisory, VDB Entry x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-14-129/
Scores
EPSS
0.1093
EPSS Percentile
95.4%
Details
CWE
CWE-20
Status
published
Products (6)
microsoft/debug_interface_access_software_development_kit
microsoft/visual_studio
2002
microsoft/visual_studio
2003
microsoft/visual_studio
2005
microsoft/visual_studio
2010 (2 CPE variants)
microsoft/visual_studio
< 2012
Published
May 20, 2014
Tracked Since
Feb 18, 2026