CritterNYC - 6:12 am on Oct 24, 2006 (gmt 0)
It is a defect in Internet Explorer as well as Outlook Express. Even though the actual bug is within a component of Outlook Express (which is installed by default in Windows), Internet Explorer is the *ONLY* browser that lets a webpage access and abuse that vulnerable OE component. Opera doesn't. Firefox doesn't. So, the problem is with Internet Explorer and Outlook Express. Microsoft could fix *either* program to solve this issue (though they should fix both).