"An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system." Why would software that is written to scan potentially dangerous files be configured to run under the LocalSystem account? Shouldn't it run under a least privilege account?