The specific flaw exists within the parsing of a DOCX file. A tag associated with a VML shape is not properly validated. As such, if it is too large, an overflow will occur into the adjacent buffer. By abusing this behavior an attacker can ensure this memory is under control and leverage the situation to achieve remote code execution under the context of the Polaris Viewer application.

ADDITIONAL DETAILS