CVE-2020-0881: 
vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2020-0881) exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. This vulnerability, also known as 'GDI+ Remote Code Execution Vulnerability', was disclosed on March 12, 2020, and affects various versions of Microsoft Windows operating systems (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability could potentially lead to complete compromise of confidentiality, integrity, and availability of the target system (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute remote code on the affected system and gain the same user rights as the local user. Users with administrative privileges could be more severely impacted compared to users with restricted rights (Rapid7).

Microsoft has released security updates to address this vulnerability across multiple versions of Windows, including Windows 10, Windows Server 2016, Windows Server 2019, and other affected versions. Users are advised to apply the appropriate security updates to mitigate this vulnerability (Rapid7).