If you have installed Microsoft Internet Explorer 5.01 Service Pack 1 (SP1) or Microsoft Internet Explorer 5.5 on a computer that is running any operating system other than Microsoft Windows 2000, you are not affected by these vulnerabilities and do not need to apply the patch.
The following potential vulnerabilities are fixed when you apply this patch:
Buffer Overflow in Outlook Express Mail Header
When the date and time fields in a message header are improperly formatted, the result is a buffer overflow. This potentially allows someone to run malicious code on your computer.For additional information about the buffer overflow issue, click the article number below to view the article in the Microsoft Knowledge Base:
267884 E-mail Security Vulnerability Fixed in Internet Explorer 5.01 SP1
If you use Outlook Express to open an e-mail message from an Internet Message Access Protocol (IMAP) server and the message contains a long subject (larger than approximately 192 characters), a buffer overflow is the result that can potentially allow someone to run malicious code on your computer.
When you open a multimedia e-mail attachment (such as file types ending in .mid, .wav, .gif, or .mov), code that is contained in the attachment can automatically run.
For additional information about issues with multimedia e-mail attachments, click the article number below to view the article in the Microsoft Knowledge Base:
If you open an e-mail message and see the File Download attachment warning dialog box instead of the Open Attachment Warning dialog box, and then click Cancel, the attachment is not deleted from your hard disk. This temporary file may be a compiled Hypertext Markup Language (HTML) file with a .chm file name extension. You can open the attachment with the window.showHelp() method, which may run malicious code.
Outlook Express may place extracted .mht files on a local hard disk in predictable locations. This allows a cross-domain violation. Code on a remote Web page can then open files on the local computer. When these files are opened, they run in the context of the My Computer security zone.
Java Script in the Preview Pane
If you use the preview pane to view a message that contains Java Script, the script can read subsequent e-mail messages that have been opened.