Microsoft has released a patch for Exchange Server 5.5 to fix an Outlook Web Access (OWA) problem in which special script in an HTML-format message could execute and perform operations on the user's Exchange mailbox when the user opens the message. This patch is suitable only for OWA servers running Internet Explorer (IE) 5.0 or later. Because no full set of security patches exists for IE 5.0, Microsoft recommends that companies with earlier versions of IE upgrade their OWA servers to either IE 5.5 Service Pack 2 (SP2) or IE 6.0.

http://www.microsoft.com/technet/security/bulletin/MS01-057.asp