From a discussion paper on MIME vulnerability at Microsoft's site.
Nice to see the chicks get a mention as possible perps

"An attacker could use this vulnerability in either of two scenarios. She
could host an affected HTML e-mail on a web site and try to persuade
another user to visit it, at which point script on a web page could open
the mail and initiate the executable. Alternatively, she could send the
HTML mail directly to the user. In either case, the executable attachment,
if it ran, would be limited only by user's permissions on the system"

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email listserv@mitvma.mit.edu with SET PICList DIGEST in the body