CVE-2020-0798: 
vulnerability analysis and mitigation

An elevation of privilege vulnerability (CVE-2020-0798) exists in the Windows Installer when it fails to properly sanitize input, leading to an insecure library loading behavior. This vulnerability was disclosed in March 2020 and affects various versions of Microsoft Windows operating systems. The vulnerability is unique from similar Windows Installer vulnerabilities CVE-2020-0779, CVE-2020-0814, CVE-2020-0842, and CVE-2020-0843 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction to exploit. The vulnerability can impact confidentiality, integrity, and availability with high severity (NVD).

If successfully exploited, this vulnerability allows a locally authenticated attacker to run arbitrary code with elevated system privileges. This means an attacker could potentially gain administrative control over the affected system, leading to complete system compromise (NVD).

Microsoft has released security updates to address this vulnerability. Users should apply the appropriate security updates for their specific Windows version through Windows Update. The vulnerability is fixed by correcting how the Windows Installer handles input sanitization (MSRC).