CVE-2020-0874: 
vulnerability analysis and mitigation

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. This vulnerability, identified as CVE-2020-0874, was disclosed on March 12, 2020, and affects various Windows operating systems. This CVE is unique from related vulnerabilities CVE-2020-0774, CVE-2020-0879, CVE-2020-0880, and CVE-2020-0882 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. Under CVSS v2.0, it received a Base Score of 2.1 (LOW) with the vector (AV:L/AC:L/Au:N/C:P/I:N/A:N). The vulnerability specifically relates to how the Windows GDI component handles objects in memory, potentially leading to unauthorized information disclosure (NVD).

The vulnerability allows an attacker to retrieve sensitive information from a targeted system. The impact is primarily focused on confidentiality, with no direct impact on system integrity or availability as indicated by the CVSS scores (NVD).

Microsoft has released security updates to address this vulnerability. The patches are available through the Microsoft Security Update Guide (MSRC).