The flaw can be exploited if the user opens a wrong file or...
The flaw can be exploited if the user opens a wrong file or goes to a wrong Web site. Then the attacker can execute code as the user, who is viewing the file or Web site.
The flaw can be exploited if the user opens a wrong file or goes to a wrong Web site. Then the attacker can execute code as the user, who is viewing the file or Web site.