CVE-2014-3802

Опубликовано: 20 мая 2014

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.

Ссылки

http://www.securityfocus.com/bid/67398
Third Party Advisory
VDB Entry
http://zerodayinitiative.com/advisories/ZDI-14-129/
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/67398
Third Party Advisory
VDB Entry
http://zerodayinitiative.com/advisories/ZDI-14-129/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:debug_interface_access_software_development_kit:-:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*

Версия до 2012 (включая)

cpe:2.3:a:microsoft:visual_studio:2002:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:visual_studio:2003:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:visual_studio:2005:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.09589

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-vvjc-3hh3-ch9p

github

больше 3 лет назад