CVE-2020-0807: 
vulnerability analysis and mitigation

A memory corruption vulnerability (CVE-2020-0807) exists when Windows Media Foundation improperly handles objects in memory. This critical vulnerability was disclosed on March 10, 2020, as part of Microsoft's March Patch Tuesday updates. The vulnerability affects multiple versions of Microsoft Windows, including Windows 10, Windows Server 2016, and Windows Server 2019 (NVD, Trustwave).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-787 (Out-of-bounds Write), indicating a memory corruption issue. This vulnerability is unique from similar Media Foundation vulnerabilities CVE-2020-0801, CVE-2020-0809, and CVE-2020-0869 (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code with the same privileges as the current user. The impact is particularly severe if the user has administrative rights, potentially allowing complete system compromise. The vulnerability affects confidentiality, integrity, and availability of the system, all rated as high impact according to the CVSS score (NVD).

Microsoft released security updates to address this vulnerability as part of the March 2020 Patch Tuesday. Users and administrators should apply the relevant security updates for their affected Windows systems. The patches are available through the standard Windows Update mechanism (MSRC).