The vulnerability is due to improper parsing of XML HmiSet Type attribute of LeviStudio project files. A remote attacker could exploit this vulnerability by enticing a user to open a crafted project file. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user process.