4.3

CVE-2018-1037

EPSS 9.47%
Veröffentlicht 12.04.2018 01:29:10
Zuletzt bearbeitet 21.11.2024 03:59:02
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Visual Studio Version2010 Updatesp1

Microsoft ≫ Visual Studio Version2012 Updateupdate5

Microsoft ≫ Visual Studio Version2013 Updateupdate5

Microsoft ≫ Visual Studio Version2015 Updateupdate3

Microsoft ≫ Visual Studio Version2017

Microsoft ≫ Visual Studio 2017 Version15.6.6

Microsoft ≫ Visual Studio 2017 Version15.7 Editionpreview

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.47%	0.925

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

http://www.securityfocus.com/bid/103715

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1040664

Third Party Advisory

VDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-1037

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1037

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1037

EUVD