The vulnerability results from different security settings in the two applications used when an e-mail is being read and when it is being written, Microsoft said.
When an e-mail is displayed in Outlook, the program uses the security settings of Internet Explorer, which are often configured to disallow the execution of scripts. But when the e-mail is replied to or forwarded with Microsoft Word set as the e-mail editor, Word's security settings apply instead, and those allow scripts to run, the company said.
If an attacker were to send an HTML e-mail containing a script to a user who had their PC configured this way, then any code of the attacker's choice could be run on the target PC if the user replied to or forwarded the e-mail, said Microsoft.
Users who have applied Office XP Service Pack 1 are protected against this hole, the company said.