CVE-2020-0937: 
vulnerability analysis and mitigation

An information disclosure vulnerability (CVE-2020-0937) exists in Microsoft Media Foundation when it improperly handles objects in memory. This vulnerability was disclosed on April 15, 2020, and affects various versions of Microsoft Windows operating systems. The vulnerability is distinct from similar issues tracked as CVE-2020-0939, CVE-2020-0945, CVE-2020-0946, and CVE-2020-0947 (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates local access is required, low attack complexity, no privileges required, user interaction is required, and the scope is unchanged. The vulnerability can lead to high confidentiality impact but has no impact on integrity or availability. Under CVSS v2.0, it received a base score of 4.3 with vector (AV:N/AC:M/Au:N/C:P/I:N/A:N) (NVD).

The vulnerability could allow an attacker to obtain information disclosure from affected systems. The successful exploitation requires user interaction and could lead to unauthorized access to sensitive information in memory (NVD).

Microsoft has released security updates to address this vulnerability. Users should apply the appropriate patches through the Microsoft Security Response Center (MSRC).