A flaw exists in the way by which the Windows Script Engine for JScript processes information. An Attacker could exploit the vulnerability by constructing a Web page that, when visited by the user, would execute code of the attacker’s choice with user privileges. The Web page could be hosted on a Web site, or sent directly to the user in email.