Here's is the latest from Microsoft.

The Windows Script Engine provides Windows operating systems with
the ability to execute script code. Script code can be used to add
functionality to web pages, or to automate tasks within the
operating system or within a program. Script code can be written in
several different scripting languages, such as Visual Basic Script,
or JScript.

A flaw exists in the way by which the Windows Script Engine for
JScript processes information. An attacker could exploit the
vulnerability by constructing a web page that, when visited by the
user, would execute code of the attacker's choice with the user's
privileges. The web page could be hosted on a web site, or sent
directly to the user in email.
More Info at:

Gentlemen...patch those engines.