在处理MHTML URLs时存在远程代码执行漏洞，攻击者可以在本地机器安全zone里IE里运行HTML代码，这样攻击者就可以完全控制受影响系统。

风险等级：
Microsoft Outlook Express 5.5 SP2 严重

Microsoft Outlook Express 6 严重

Microsoft Outlook Express 6 SP1 严重

Microsoft Outlook Express 6 SP1 (64 bit Edition） 严重

Microsoft Outlook Express 6 on Windows Server 2003 严重

Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition) 严重

受影响系统：
Microsoft Windows NT® Workstation 4.0 Service Pack 6a

Microsoft Windows NT Server 4.0 Service Pack 6a

Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4

Microsoft Windows XP and Microsoft Windows XP Service Pack 1

Microsoft Windows XP 64-Bit Edition Service Pack 1

Microsoft Windows XP 64-Bit Edition Version 2003

Microsoft Windows Server™ 2003

Microsoft Windows Server 2003 64-Bit Edition

Microsoft Windows 98, Microsoft Windows 98 SE ，Microsoft Windows ME

攻击方法：
暂无有效攻击代码

解决方案：
补丁下载：

Microsoft Outlook Express 5.5 SP2
http://www.microsoft.com/downloads/details.aspx?FamilyId=88D8F9DC-589A-4CE5-BB04-CCEDCB8ADDBA&displaylang=en

Microsoft Outlook Express 6
http://www.microsoft.com/downloads/details.aspx?FamilyId=DCEB332E-CAE4-4743-B6AB-EDC1CD625AE0&displaylang=en

Microsoft Outlook Express 6 SP1
http://www.microsoft.com/downloads/details.aspx?FamilyId=925628BD-1B5F-4B21-8DB6-EDE1C73F97B5&displaylang=en

Microsoft Outlook Express 6 SP1 (64 bit Edition)
http://www.microsoft.com/downloads/details.aspx?FamilyId=DEDBA3EA-05EC-45AF-8795-5F785D83CA77&displaylang=en

Microsoft Outlook Express 6 on Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=1C44FB27-6A9D-42AE-8E06-3ADBB7896BCD&displaylang=en

Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C765E4F3-19A4-45CF-BE99-28C136B14E30&displaylang=en