Another one security hole of Outlook

M$ warn the users for the new security hole of Outlook 2000 and 2002, by suggesting the setup of a patch. The user of the Outlook can adjust it to edit his e-mails to HTML or Rich Text format with Word. The new security hole exist on the users who have done this option and they reply an e-mail which cames from a possible attacker.
The security hole was created by the difference which is on the security's options when it shows an e-mail and when it is edited.
When the Outlook shows an e-mail on HTML format, it applies the security's options of Internet Explorer (security zone), by blocking the execution of scripts.
If, a user reply or forward an e-mail, by have chosen the Word as an e-mail editor, then the Outlook leave free the execution of the scripts. A possible attacker can use that hole to send a HTML e-mail which contains the "suitable" edited scripts. When the user who has been attacked reply or forward a similar e-mail then these scripts can give the control of the PC on the attacker. M$ has released a patch that fix that hole.
More bugs:
Coming soon...