An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka Microsoft Visual Studio Information Disclosure Vulnerability. This affects Microsoft Visual Studio.
Weakness
The product uses or accesses a resource that has not been initialized.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Visual_studio | Microsoft | 2010-sp1 (including) | 2010-sp1 (including) |
| Visual_studio | Microsoft | 2012-update5 (including) | 2012-update5 (including) |
| Visual_studio | Microsoft | 2013-update5 (including) | 2013-update5 (including) |
| Visual_studio | Microsoft | 2015-update3 (including) | 2015-update3 (including) |
| Visual_studio | Microsoft | 2017 (including) | 2017 (including) |
| Visual_studio_2017 | Microsoft | 15.6.6 (including) | 15.6.6 (including) |
| Visual_studio_2017 | Microsoft | 15.7 (including) | 15.7 (including) |
Potential Mitigations
References
- http://www.securityfocus.com/bid/103715
- http://www.securitytracker.com/id/1040664
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037
- http://www.securityfocus.com/bid/103715
- http://www.securitytracker.com/id/1040664
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037