This bulletin addresses a vulnerability that could allow an attacker to run code of the attacker’s choice on a user’s machine. To exploit the vulnerability, attacker would have to be able to cause Windows to open a specially constructed MHTML URL, either on a web site or included in an HTML email message.

For more information and patch availability: Microsoft Security Bulletin MS03-014