CVE-2020-1008: 
vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2020-1008) exists in the Windows Jet Database Engine when it improperly handles objects in memory. This vulnerability was disclosed on April 15, 2020, and affects multiple versions of Microsoft Windows operating systems. The vulnerability is distinct from several other CVEs including CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, and CVE-2020-0999 (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a base score of 9.3 (High) with the vector (AV:N/AC:M/Au:N/C:C/I:C/A:C). The vulnerability affects multiple Windows versions including Windows 10 (various versions), Windows 7 SP1, and Windows 8.1 (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code on the target system, potentially gaining the same user rights as the current user. The vulnerability affects the confidentiality, integrity, and availability of the system, as indicated by the high CVSS scores (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB4550930, KB4550929, KB4550927, KB4550922, KB4549949, and KB4549951 for different versions of Windows (Rapid7).