Overview
- Description
- An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
- Source
- secure@microsoft.com
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-908
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4DD0F743-9881-4934-944A-982F994FC595"
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2012:update5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "552ECB0E-21C4-4513-B410-6B91DB554FA8"
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2013:update5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D17A077-7D51-459B-8BC6-6F6DE055A714"
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F"
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:2017:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5DB2D78-534E-49B5-B460-41049F7238BA"
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.6.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F340A138-F4E2-438C-8FEE-BEE1408D09AD"
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.7:*:preview:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A7C2BD8-E17D-4B0D-846A-7A6B01F78BA9"
}
],
"operator": "OR"
}
]
}
]