The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut.
FORBES: New Windows Bug Offers Hackers An Attack Shortcut