The host is installed with Microsoft Excel 2007 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to remove a reference to an object in a linked list even after the object is freed, causing an error in parsing shape data within a particular container. Successful exploitation allows remote attackers to execute arbitrary code under the context of the application.