CVE-2020-0950: 
vulnerability analysis and mitigation

A memory corruption vulnerability (CVE-2020-0950) was identified in Windows Media Foundation, discovered and disclosed in April 2020. The vulnerability occurs when Windows Media Foundation improperly handles objects in memory. This vulnerability affects various versions of Microsoft Windows 10 and Windows Server 2016 (NVD, CVE).

The vulnerability is classified as an Out-of-bounds Write (CWE-787) with a CVSS v3.1 base score of 8.8 (HIGH) and a CVSS v2.0 score of 9.3 (HIGH). The vulnerability requires user interaction and can be exploited remotely with no privileges required. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability could allow an attacker to achieve high levels of confidentiality, integrity, and availability impacts on the affected system. The high CVSS scores indicate the potential for complete compromise of the target system's confidentiality, integrity, and availability (NVD).

Microsoft has released security patches to address this vulnerability. Updates are available for affected versions of Windows 10 and Windows Server 2016 through various KB articles including KB4549949, KB4549951, KB4550922, KB4550927, KB4550929, and KB4550930 (Rapid7).