ID CVE-2018-1037
Summary An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:visual_studio:2017:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio:2017:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio:2013:update5:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio:2013:update5:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio_2017:15.7:*:preview:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio_2017:15.7:*:preview:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio_2017:15.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio_2017:15.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_studio:2012:update5:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio:2012:update5:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 12-08-2021 - 14:45)
Impact:
Exploitability:
CWE CWE-908
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
bid 103715
confirm https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037
sectrack 1040664
Last major update 12-08-2021 - 14:45
Published 12-04-2018 - 01:29
Last modified 12-08-2021 - 14:45
Back to Top