Endpoint Vulnerability

Microsoft Visual Studio Information Disclosure Vulnerability

Description

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files. An attacker who took advantage of this information disclosure could view uninitialized memory from the Visual Studio instance used to compile the PDB file.

Affected Products

Microsoft Visual Studio 2010 Service Pack 1,Microsoft Visual Studio 2012 Update 4,Microsoft Visual Studio 2013 Update 5,Microsoft Visual Studio 2015 Update 3,Microsoft Visual Studio 2017,Microsoft Visual Studio 2017 Version 15.6.6,Microsoft Visual Studio 2017 Version 15.7 Preview

References

CVE-2018-1037,