Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Description of the security update for mspdbcmf.exe in Visual Studio 2015 Update 3: April 12, 2018


View products that this article applies to.

Summary

An information disclosure vulnerability exists when Visual Studio improperly discloses the contents of its memory. An attacker who exploits the vulnerability could view uninitialized memory from the computer that is used to compile a program database file.

To learn more about the vulnerability, go to CVE-2018-1037.

↑ Back to the top


How to obtain and install the update

The following file is available for download:

Download the hotfix package now.

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

↑ Back to the top


More Information

Prerequisites

To apply this security update, you must have Visual Studio 2015 Update 3 installed.

Restart requirement

You may have to restart the computer after you apply this security update if no instance of Visual Studio is being used.

Security update replacement information

This security update doesn't replace other security updates.

Issues that are fixed in this security update

This security update addresses the PDB issue that is described in CVE-2018-1037, in which a PDB file may contain uninitialized heap content in a process that updates an existing PDB file, such as mspdbcmf.exe. This security hotfix contains update to mspdbcmf.exe only. We strongly recommend that you install this related security update and use the updated PDBCopy tool to check every existing PDB that you intend to share or distribute.

How to obtain help and support for this security update
Help for installing updates: Windows Update: FAQ

Security solutions for IT professionals: TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

↑ Back to the top


File information

File hash information
File name SHA1 hash SHA256 hash
VC14-KB4131902.exe DCD3DF0553B6543BA08CF12B5BC6F44CAC718601 BDD148A007B029D0D06D0E5BAF135AA6FA8AE9947050C1BFDEE9BABFF48F4D61

↑ Back to the top


Keywords: kbsurveynew, kbsecvulnerability, kbsecurity, kbsecreview, kbsecbulletin, kbfix, kblangall, kb, kbexpertiseinter, kbbug, atdownload, kbmustloc

↑ Back to the top

Article Info
Article ID : 4131902
Revision : 5
Created on : 4/14/2018
Published on : 4/14/2018
Exists online : False
Views : 240