According to the an
advisory released by Zero Day Initiative (ZDI), the vulnerability is due to a problem with the management of indexes in the Jet database engine that, if exploited successfully, can cause an out-out-bounds memory write, leading to remote code execution. An attacker must convince a targeted user into opening a specially crafted JET database file in order to exploit this vulnerability and remotely execute malicious code on a targeted vulnerable Windows computer.
Proof-of-concept exploit code for the vulnerability has also been
published by the Trend Micro its GitHub page.
Microsoft is working on a patch for the vulnerability, and since it was not included in September Patch Tuesday, you can expect the fix in Microsoft's October patch release.