Vulnerable ---------- - Microsoft Internet Explorer 6.0 (lower was not tested) - Microsoft Windows XP Pro - Microsoft Windows XP Home - Microsoft Windows 2003 Server Enterprise - AOL Instant Messenger 5.5 to 4.3 tested There is a problem in internet explorer where a file can be displayed as html even though the file is not an html file. Also the file can be run in My Computer zone where lower restrictions apply. Aol instant messenger buddy icons (& maybe themes not tested) is just ONE way to get a file in a known location on the hard drive. All environments where tested fully patched from Windows Update & double checked with Microsoft Baseline Security Analyzer 1.2. Would you like to know more? Qwik-Fix (If you've not already installed it), protects against this vulnerability.