|CVSS SCORE||6.8, (AV:N/AC:M/Au:N/C:P/I:P/A:P)|
The specific flaw exists within the parsing of the item1.xml file inside of the .docx package. By transposing elements, an attacker is able to cause a pointer to be re-used after it was freed. An attacker could leverage this to execute arbitrary code in the context of the user.
Microsoft has issued an update to correct this vulnerability. More details can be found at: