A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files.
To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book (WAB). After successfully exploiting the vulnerability, an attacker could gain execution on a victim system.
The security update addresses the vulnerability by correcting the way Windows Address Book handles bound checking.