A code injection vulnerability exists in Microsoft 3D Viewer, a simplified and fast graphics editing application from Microsoft Corporation (USA). The vulnerability stems from the process of constructing code segments from external input data that is not properly filtered by the network system or product for particular elements. An attacker could use this vulnerability to generate an illegal code segment that modifies the expected execution control flow of the network system or component.