The host is missing a critical security update according to Microsoft security bulletin, MS15-129. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to obtain the same permissions as the currently logged-on user or execute arbitrary code.