Windows and other OSes have application launchers that open whatever app you want, and those apps may have issues that cause it to download and run arbitrary code. if that's the logic here, then every application launcher is vulnerable to similar RCE.

if there's really nothing more to this 8.8 RCE CVE than that, this will finally be the thing that's makes me blackhole cve.org.