Moltiple bugs allow code execution on client host.
vulners.com/securityvulns/securityvulns:doc:1055
vulners.com/securityvulns/securityvulns:doc:746