From:            Ken De Cruyenaere <kdc@cc.umanitoba.ca>
To:              all-employees@Ms.UManitoba.CA
Subject:         fix for PC security exposure

The following alert was put out by the SANS Institute.
The fix referred to has been out for some time and some
may have already patched the hole.  If you haven't, or you
are not sure, it is worth the effort to run the "correction script".

**********************************************************************

-- 10 May 2000  Email viruses are now spreading WITHOUT THE USER
                OPENING ANY ATTACHMENT.
Personal computers running Internet Explorer (IE) version 5.0 and/or
Microsoft Office 2000 are vulnerable to virus attacks using most email
systems, even if the email recipient opens no attachments.  You don't even
have to use IE; just have it installed with the default security settings.
If you have not closed the hole, you can receive viruses (and spread
them) by viewing or previewing malicious email without opening any
attachment, or by visiting a malicious web site. The problem is caused by
a programming bug in an Internet Explorer ActiveX control called
scriptlet.typelib.  This is by far the fastest growing virus distribution
problem and ripe for a hugely destructive event - at least as large as the
ILOVEYOU virus.  Updating your virus detection software, while important,
is not an effective solution for this problem. You must also close the
hole.  The hole can be closed in five minutes or less using tools
available at Microsoft's security site:
http://www.microsoft.com/security/bulletins/ms99-032.asp
The correction script may be run directly from:
http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm

Editor's Note: Thanks to Jimmy Kuo of Network Associates and Nick
FitzGerald of Computer Virus Consulting Ltd. for raising the visibility of
this dangerous problem.

**********************************************************************

--

 Ken  De Cruyenaere    Computer Security Coordinator
 kdc@cc.umanitoba.ca   Information Services & Technology
 (204) 474-8340        University of Manitoba