We had a few discussions about security holes in Micro$oft's IIS server software a little while ago. Recently, I ran across this list of security holes in internet explorer 5.0 or later:
[guninski.com...]
Apparently malicious web sites can
a) Read the cookies from any other web site
b) completely control your entire screen, mimicing and controlling parts of your interaction with the computer
c) execute arbitrary programs that you download without knowing it
d) read, edit, or delete messages in outlook XP
e) search for files on your hard drive
f) download arbitrary files on your hard drive

etc..
Many of these holes have yet to be patched, even though M$ has been notified.

Supposedly, if your Outlook settings allow certain permissions, all of these exploits work in any opened emails as well.

And the scary part is that looking at this stuff, its not that very hard to accomplish. I could do it myself, except I have no reason to spend the time setting it up only to go to jail.