CVE-2014-3802

Published May 20, 2014

Last updated 4 months ago

CVSS info 6.8

Overview

Description: msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:debug_interface_access_software_development_kit:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D8D8D4D-3E1A-4C3E-93BD-B8B7C38C7D55"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD71DE0A-180E-4FDC-AD7A-E5E6432E79E4",
            "versionEndIncluding": "2012"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio:2002:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2932E484-D529-49E0-A929-7099C389E990"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio:2003:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "218BBF55-83D9-46D3-8650-42F370B8AE5C"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9D526CD-0FD2-4510-901D-ACE418FEC8A3"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7613B7D7-CF12-4D8D-AEE1-6274C1D7BEF2"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DD0F743-9881-4934-944A-982F994FC595"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References