CVE-2020-0952: 
vulnerability analysis and mitigation

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, known as 'Windows GDI Information Disclosure Vulnerability'. This vulnerability was assigned CVE-2020-0952 and was disclosed as part of Microsoft's April 2020 Patch Tuesday updates (Talos Blog, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. Under CVSS v2.0, it received a base score of 4.3 (Medium) with the vector (AV:N/AC:M/Au:N/C:P/I:N/A:N). The vulnerability specifically relates to how the Windows GDI component handles memory operations, potentially leading to unauthorized disclosure of memory contents (NVD).

The vulnerability could allow an attacker to access sensitive information from the affected system's memory through the Windows GDI component. This information disclosure could potentially be used to further compromise the affected system or gain insights into the system's operations (NVD).

Microsoft has released security updates to address this vulnerability as part of their April 2020 Patch Tuesday updates. Users are advised to apply the security updates provided through the Microsoft Security Update Guide (MSRC Advisory).