CVE-2018-1037
MEDIUMMicrosoft Visual Studio - Information Disclosure via Uninitialized Memory in PDB File Compilation
Title source: llmDescription
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040664
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103715
Scores
CVSS v3
4.3
EPSS
0.0588
EPSS Percentile
92.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-908
Status
published
Products (7)
microsoft/visual_studio
2010 sp1
microsoft/visual_studio
2012 update5
microsoft/visual_studio
2013 update5
microsoft/visual_studio
2015 update3
microsoft/visual_studio
2017
microsoft/visual_studio_2017
15.6.6
microsoft/visual_studio_2017
15.7
Published
Apr 12, 2018
Tracked Since
Feb 18, 2026