The default installation process for IE, Outlook and Outlook Express appears to have a security flaw. The severity of the flaw is still being assessed, but there definitely seems the potential for a buffer overflow, and the flaw could allow an attacker to gain access to users' systems remotely. Systems at risk include those running Windows XP with Service Pack 0 or 1 and Windows 2000.