From the advisory the "issue is due to a heap overflow error in the CAB file format parser that does not properly handle a specially crafted file containing large header records and particular header flags set, which could be exploited by attackers to execute arbitrary commands (e.g. by sending an email containing a specially crafted CAB file)."