This is what 823559 is for.
MS03-023: Buffer Overrun in the HTML Converter Could Allow Code Execution
All versions of Microsoft Windows contain support for file conversion in the operating system. With this functionality, users of Microsoft Windows can convert file formats from one to another. In particular, Microsoft Windows contains support for HTML conversion in the operating system. With this functionality, users can view, import, or save files as HTML.
There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. A vulnerability exists because a specially crafted request to the HTML converter could cause the converter to fail in such a way that it could run code in the context of the currently logged-on user. Because Microsoft Internet Explorer uses this functionality, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's computer. When a user visits an attacker's Web site, the attacker could exploit the vulnerability without any other user action.
To exploit this vulnerability, the attacker would have to create a specially formed HTML e-mail and send it to the user. Alternatively, an attacker would have to host a malicious Web site that contains a Web page designed to exploit these vulnerabilities. The attacker would then have to persuade a user to visit that site.
By default, Outlook Express 6.0 and Outlook 2002 open HTML mails in the Restricted Sites Zone. Additionally, Outlook 98 and 2000 open HTML mails in the Restricted Sites Zone if the Outlook E-mail Security Patch has been installed. Customers who use any of these products would be at no risk from an e-mail borne attack that tried to automatically exploit these vulnerabilities. The attacker would have no way to force users to visit a malicious Web site. Instead, the attacker would have to lure them there, typically by having them click a link that takes them to the attacker's site.