CVE-2020-0995: 
vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2020-0995) exists in the Windows Jet Database Engine when it improperly handles objects in memory. This vulnerability was disclosed and tracked by Microsoft, with initial analysis completed by NIST on April 22, 2020. The vulnerability affects multiple versions of Windows operating systems including Windows 10, Windows 8.1, Windows 7 SP1, and various Windows Server versions (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access is required and user interaction is needed. The CVSS v2.0 score is 9.3 (High) with vector (AV:N/AC:M/Au:N/C:C/I:C/A:C). The vulnerability was initially categorized under CWE-119 but was later remapped to NVD-CWE-noinfo (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute remote code on the affected system, potentially gaining the same user rights as the current user. The high CVSS scores indicate that successful exploitation could lead to complete compromise of system confidentiality, integrity, and availability (NVD).

Microsoft has released security patches to address this vulnerability. Users should apply the appropriate security updates available through the Microsoft Security Response Center (MSRC).