Microsoft Raises Threat Level of Outlook Hole:
"The Redmond, Wash., software maker increased the threat level of the Outlook security vulnerability to its highest level of four — "critical." The Outlook 2002 hole could let an attacker run malicious code on a user's machine.

Microsoft originally had labeled the vulnerability as "important" and believed that attackers could only exploit the hole if users had set the Outlook Today folder as the default view for Outlook 2002, said Mike Reavey, a Microsoft security program manager.

After issuing a fix for the Outlook hole, as part of Microsoft's March security bulletin releases, the company learned from the researcher who discovered the vulnerability that attackers could reach a wider number of users by forcing them into the view in order to run an exploit, Reavey said."

"It has the potential to affect users that are in any (Outlook 2002) view at all," he said.

http://www.eweek.com/article2/0,1759,1546968,00.asp?kc=EWNWS031104DTX1K0000599