|CVSS SCORE||5.1, (AV:N/AC:H/Au:N/C:P/I:P/A:P)|
The specific flaw exists within InjectHtmlStream. By manipulating a document's elements an attacker can reveal the contents of memory and also cause memory corruption. An attacker could leverage this vulnerability to execute arbitrary code under the context of the current process.
Microsoft has issued an update to correct this vulnerability. More details can be found at: