CVE-2020-0960: 
vulnerability analysis and mitigation

A remote code execution vulnerability exists in the Windows Jet Database Engine when it improperly handles objects in memory (CVE-2020-0960). The vulnerability was disclosed on April 15, 2020, affecting various versions of Microsoft Windows including Windows 10, Windows 8.1, and Windows 7 SP1 (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a base score of 9.3 (High) with the vector (AV:N/AC:M/Au:N/C:C/I:C/A:C). The vulnerability is distinct from several other Jet Database Engine vulnerabilities, including CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, and CVE-2020-1008 (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code on the affected system with the same privileges as the current user. Given the high CVSS scores for both confidentiality, integrity, and availability impacts, successful exploitation could result in complete system compromise (NVD).

Microsoft has released security updates to address this vulnerability. Users should apply the appropriate patches through Windows Update or download and install them manually from the Microsoft Security Update Guide (MSRC).