CVE-2014-3802

Name of the Vulnerable Software and Affected Versions Microsoft Visual Studio versions prior to 2013

Description The issue arises from improper validation of an unspecified variable in the msdia.dll file within Microsoft Debug Interface Access (DIA) SDK. This leads to potential memory corruption when calculating a dynamic-call address, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted PDB file.

Recommendations For versions prior to 2013, consider restricting access to the msdia.dll file until a fix is available. As a temporary workaround, avoid using crafted PDB files that could trigger the memory corruption issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.