An attacker may exploit a vulnerability in Windows Script Engine by constructing a Web page that, when visited by a user, runs code of the attacker’s choice with user credentials. The attacker can host the Web page on a Web site or send the page directly to the user by e-mail.
Windows NT 4.0, Windows NT 4.0 Terminal Server Edition
Windows Millennium Edition
Windows 98 Second Edition & Windows 98