The vulnerability exists due to a boundary error within the Windows DWMCORE library. A local user can trigger a heap-based buffer overflow and execute arbitrary code with the DWM user with Integrity System privileges.
CVE Link
Exploit Platform
Product Name