CVE-2014-3802

Microsoft Debug Interface Access SDK - Remote Code Execution via Crafted PDB File

Title source: llm
STIX 2.1

Description

msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67398
Third Party Advisory, VDB Entry x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-14-129/

Scores

EPSS 0.1093
EPSS Percentile 95.4%

Details

CWE
CWE-20
Status published
Products (6)
microsoft/debug_interface_access_software_development_kit
microsoft/visual_studio 2002
microsoft/visual_studio 2003
microsoft/visual_studio 2005
microsoft/visual_studio 2010 (2 CPE variants)
microsoft/visual_studio < 2012
Published May 20, 2014
Tracked Since Feb 18, 2026