A problem with the com.ms.activeX.ActiveXComponent java object can cause Internet Explorer 5.5 and Outlook Express to execute arbitrary programs. It is important to understand that Outlook Express with "security update", although more difficult, can also be exploited.
It is unclear if Microsoft was notified by Mr. Guninski. Windows IT Security has forwarded the necessary information to Microsoft for response. Updates will be added as they become available.