Microsoft recommends that Outlook users who use Microsoft Word as their email editor--a configuration known as WordMail--install a new patch for Word. The update fixes a vulnerability that could let harmful scripts run if the user replies to or forwards an HTML message. Microsoft Office XP Service Pack 1 (SP1) or Office 2000 Service Release 1/1a (SR1/1a) is a prerequisite.

http://www.microsoft.com/technet/security/bulletin/ms02-021.asp