EUVD-2018-11697

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Information disclosure vulnerability in Visual Studio exposes uninitialized memory during PDB file compilation

Reporter	Title	Published	Views	Family All 20
BDU FSTEC	The vulnerability of the Microsoft Visual Studio software development tool, related to the use of an uninitialized resource, allows attackers to disclose sensitive information.	16 Oct 202300:00	–	bdu_fstec
CVE	CVE-2018-1037	12 Apr 201801:00	–	cve
Cvelist	CVE-2018-1037	12 Apr 201801:00	–	cvelist
Microsoft KB	Description of the security update for the information disclosure vulnerability in Visual Studio 2015 Update 3: April 10, 2018	10 Apr 201807:00	–	mskb
Microsoft KB	Description of the security update for the information disclosure vulnerability in Visual Studio 2013 Update 5: April 10, 2018	10 Apr 201807:00	–	mskb
Microsoft KB	Description of the security update for the information disclosure vulnerability in Visual Studio 2012 Update 5: April 12, 2018	10 Apr 201807:00	–	mskb
Microsoft KB	Description of the security update for the information disclosure vulnerability in Visual Studio 2010 Service Pack 1: April 10, 2018	10 Apr 201807:00	–	mskb
Kaspersky	KLA11226 OSI vulnerability in Microsoft Developer Tools	10 Apr 201800:00	–	kaspersky
Microsoft CVE	Microsoft Visual Studio Information Disclosure Vulnerability	10 Apr 201807:00	–	mscve
NVD	CVE-2018-1037	12 Apr 201801:29	–	nvd

[
  {
    "enisaIdVendor": [
      {
        "id": "77dc9f41-4184-3424-89fb-9bf294030493",
        "vendor": {
          "name": "Microsoft"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0597e5f5-9216-32c5-ac8e-8edc11357721",
        "product": {
          "name": "Microsoft Visual Studio"
        },
        "product_version": "2017 Version 15.7 Preview"
      },
      {
        "id": "2977e686-91c0-3c06-a261-cf8b09b32876",
        "product": {
          "name": "Microsoft Visual Studio"
        },
        "product_version": "2010 Service Pack 1"
      },
      {
        "id": "413191b5-4275-3f98-9171-096f7451e11a",
        "product": {
          "name": "Microsoft Visual Studio"
        },
        "product_version": "2012 Update 5"
      },
      {
        "id": "450e15cc-3bf1-3986-8601-11f5f4517e9c",
        "product": {
          "name": "Microsoft Visual Studio"
        },
        "product_version": "2017 Version 15.6.6"
      },
      {
        "id": "49de82af-6117-3f3f-9b3c-f3c45600d348",
        "product": {
          "name": "Microsoft Visual Studio"
        },
        "product_version": "2015 Update 3"
      },
      {
        "id": "8696690f-6413-3d89-b8b8-c56d1eefa63c",
        "product": {
          "name": "Microsoft Visual Studio"
        },
        "product_version": "2013 Update 5"
      },
      {
        "id": "ec3e73fe-7c75-3430-ab91-6415aa7ebaa7",
        "product": {
          "name": "Microsoft Visual Studio"
        },
        "product_version": "2017"
      }
    ]
  }
]

Source	Link
securitytracker	www.securitytracker.com/id/1040664
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037
securityfocus	www.securityfocus.com/bid/103715
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

4.6Medium risk

Vulners AI Score4.6

CVSS 34.3

CVSS 24.3

EPSS0.09465