Microsoft Security Bulletin MS02-005 details six newly discovered flaws in Internet Explorer (IE), some of which malicious users can exploit in HTML mail messages. The "11 Feb 2002 Cumulative Patch for Internet Explorer" is available for IE 6.0, IE 5.5 Service Pack 2 (SP2), IE 5.5 SP1, and, for Windows 2000 only, IE 5.01 SP2.

Outlook 2002 users who have unblocked Microsoft Access .mdb files should be particularly diligent about installing this update, because one of the exploits involves Visual Basic for Applications (VBA) code in a hidden .mdb file.

http://www.microsoft.com/technet/security/bulletin/mS02-005.asp