CVE-2020-0946: 
vulnerability analysis and mitigation

An information disclosure vulnerability (CVE-2020-0946) was identified in Microsoft Media Foundation, where the component improperly handles objects in memory. This vulnerability was disclosed in April 2020 and affects various versions of Microsoft Windows operating systems. This vulnerability is distinct from similar issues tracked as CVE-2020-0937, CVE-2020-0939, CVE-2020-0945, and CVE-2020-0947 (CVE Details).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. Under CVSS v2.0, it received a base score of 4.3 (Medium) with the vector (AV:N/AC:M/Au:N/C:P/I:N/A:N). The vulnerability requires user interaction to be exploited, as indicated by the UI:R parameter in the CVSS v3.1 vector (NVD Database).

When successfully exploited, this vulnerability can lead to information disclosure, potentially allowing an attacker to access sensitive information from memory. The vulnerability specifically affects the confidentiality of the system (C:H in CVSS v3.1) while having no direct impact on integrity or availability (NVD Database).

Microsoft has released security patches to address this vulnerability. The fix is available through Microsoft's standard update channels for affected Windows versions, including Windows 10 (multiple versions), Windows 8.1, and Windows 7 SP1 (Microsoft Advisory).