Microsoft Security Advisory MS02-021 - Outlook 2000 and 2002 provide the option to use Microsoft Word as the e-mail editor when creating and editing e-mail in either Rich-Text or HTML format. A security vulnerability exists when Outlook is configured this way and the user forwards or replies to a mail from an attacker. This could be exploited by sending a specially malformed HTML e-mail containing a script to an Outlook user who has Word enabled as the e-mail editor. If the user replied to or forwarded the e-mail, the script would then run, and be capable of taking any action the user could take. Microsoft FAQ on this issue available here.
af9c8675fffa8910762ed27d32e08eb80905d4226158a10cdc3c91975f932db5