It uses a vulnerability that allows another computer on the same network to execute arbitrary code on your computer. So you work for a UK hospital, your co-worker downloads an attachment and executes it, and that can be enough to get on your machine if it doesn't have up-to-date security patches.