CVE-2020-0939: 
vulnerability analysis and mitigation

An information disclosure vulnerability (CVE-2020-0939) exists when Media Foundation improperly handles objects in memory, known as 'Media Foundation Information Disclosure Vulnerability'. The vulnerability was disclosed on April 15, 2020, affecting various Microsoft Windows systems including Windows 10 versions 1903, 1909, and Windows Server 2016 versions 1903, 1909 (NVD Database).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. Under CVSS v2.0, it received a base score of 4.3 (MEDIUM) with the vector string (AV:N/AC:M/Au:N/C:P/I:N/A:N). The vulnerability requires user interaction for successful exploitation (NVD Database).

The vulnerability could lead to information disclosure when Media Foundation improperly handles objects in memory. This issue is distinct from several other Media Foundation vulnerabilities (CVE-2020-0937, CVE-2020-0945, CVE-2020-0946, CVE-2020-0947) (NVD Database).

Microsoft has released security patches to address this vulnerability. Users should apply the security updates available through the Microsoft Security Response Center (MSRC Advisory).