Because the vulnerability affects the JScript component (Microsoft custom implementation of JavaScript), the only condition is that the attacker must trick the user into accessing a malicious web ...