It probably should be disabled on most machines. The last time I heard about it was @swiftonsecurity complaining about it being an easily overlooked malware vector.
I'd be surprised if this capability is only available from jscript though. (and sad, I don't think jscript has been updated in years)
I'd be surprised if this capability is only available from jscript though. (and sad, I don't think jscript has been updated in years)