Improper input validation in Microsoft Debug_interface_access_software_development_kit

CVE-2014-3802

msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attack…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.096 (93.0th percentile) — read the EPSS interpretation.

Affected products

Microsoft Debug_interface_access_software_development_kit
Microsoft Visual_studio — versions 2002, 2003, 2005
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

67398 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cve@mitre.org (VDB Entry, Third Party Advisory, x_refsource_MISC)