The vulnerability exists in Dropbox for Windows and is an arbitrary file overwrite issue that can give an attacker with local user access escalated privileges to execute code as SYSTEM. The problem is with the DropboxUpdater service and, although the researchers have released no exploit code, it would appear to allow a local user to replace executable files which can then get executed by SYSTEM.

How difficult is it to exploit this vulnerability?
What is the Dropbox for Windows zero-day vulnerability?
What does Dropbox have to say about the zero-day vulnerability?
More Windows 10 security tips