CVE-2018-1037

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.

Published: Apr 12, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-1037
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-908

Affected Software
References

Software	From	Fixed in
microsoft / visual_studio	2010-sp1	2010-sp1.x
microsoft / visual_studio	2017	2017.x
microsoft / visual_studio	2015-update3	2015-update3.x
microsoft / visual_studio	2013-update5	2013-update5.x
microsoft / visual_studio	2012-update5	2012-update5.x
microsoft / visual_studio_2017	15.6.6	15.6.6.x
microsoft / visual_studio_2017	15.7	15.7.x

http://www.securityfocus.com/bid/103715
http://www.securitytracker.com/id/1040664
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037

Vulnerability Database

289,599

CVE-2018-1037