The researcher is offering details on CVE-2020-9922, which can be triggered just by sending a target an email with two .ZIP files attached.