CVE-2020-0949: 
vulnerability analysis and mitigation

A memory corruption vulnerability (CVE-2020-0949) was identified in Windows Media Foundation, where the application improperly handles objects in memory. The vulnerability was disclosed on April 15, 2020, and affects various versions of Microsoft Windows 10 and Windows Server 2016. This vulnerability is distinct from related issues CVE-2020-0948 and CVE-2020-0950 (NVD, CVE Mitre).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a base score of 9.3 (HIGH) with the vector (AV:N/AC:M/Au:N/C:C/I:C/A:C). The vulnerability is classified as CWE-787 (Out-of-bounds Write) (NVD).

The vulnerability poses significant risks with high potential impact on confidentiality, integrity, and availability of affected systems. Given its CVSS scores and classification as a memory corruption vulnerability, successful exploitation could lead to complete system compromise (NVD).

Microsoft has released security patches to address this vulnerability. Users of affected systems should apply the appropriate security updates through the Microsoft security guidance (MSRC Advisory).