A specially crafted script can cause the VBScript engine to access data before initializing it. An attacker that is able to run such a script in any application that embeds the VBScript engine may be able to control execution flow and execute arbitrary code. This includes all versions of Microsoft Internet Explorer.
b64494b3d3720d952429d019e2e49e61742543b7134bc063c0ba2058e1570f99