Few combined vulnerabilities allow to download and execute file on client machine.
vulners.com/securityvulns/securityvulns:doc:8582