Description of the security update for the information disclosure vulnerability in Visual Studio 2010 Service Pack 1: April 10, 2018


Summary


An information disclosure vulnerability exists when Visual Studio improperly discloses the contents of its memory. An attacker who exploits the vulnerability could view uninitialized memory from the computer that is used to compile a program database file.

To learn more about the vulnerability, see CVE-2018-1037.

How to obtain and install the update


Method 1: Microsoft Download

The following file is available for download:

Download Download the hotfix package now.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

More Information


Prerequisites

To apply this security update, you must have Visual Studio 2010 Service Pack 1 installed.

Restart requirement

You may have to restart the computer after you apply this security update if an instance of Visual Studio is being used.

Security update replacement information

This security update doesn't replace other security updates.

Issues that are fixed in this security update

This hotfix addresses the PDB security issue that is described in CVE-2018-1037, where PDB file may contain uninitialized heap content in a process that updates an existing PDB file, like mspdbsrv.exe. We strongly recommend that you use the updated PDBCopy tool to check every existing PDB that is shared or distributed for this vulnerability.

File information


File hash information

File name SHA1 hash SHA256 hash
VS10SP1-KB4091346-x86.exe 0824D59110CAD470404AA035A411BCF383AC08B0 287646967891FE96A7223D839C69448536C14934D139C3019A5AA2774F068A7F


File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.