The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 or Windows 7 SP1 and is prone to a heap-based overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted jnt files. Successful exploitation allows attackers to execute an arbitrary code in the context of the current user.