This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or if an attacker leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked as "safe for initialization" in an application or a Microsoft Office document that uses the Internet Explorer rendering engine to direct the user to the specially crafted website.
To learn more about the vulnerability, see Microsoft Security Bulletin MS15-108.
To learn more about the vulnerability, see Microsoft Security Bulletin MS15-108.