http://securitytracker.com/id/1027224 says: "A remote user can create a specially crafted file that, when loaded by the target user, will trigger a heap overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user."