The host is installed with Microsoft Graphics Rendering Engine and is prone to stack-based buffer overflow vulnerability. A flaw is present in the "CreateSizedDIBSECTION()" function within the "shimgvw.dll" module, which fails to properly parse a malformed thumbnail image. Successful exploitation could allow remote attackers to execute arbitrary code and take complete control over the system by tricking a user into opening or previewing a malformed Office file or browsing to a network share, UNC, or WebDAV location containing a specially crafted thumbnail image.