There has been a major security hole found in IE that can allow an attacker full and total access of your box. Through the use of a corrupt HTML Help file, an attacker can execute arbitrary commands on your system which could allow them to do anything your account has the premission to do (and since most people work under the admin account, that's everything). It would just take some minor work to force your system to download and install something along the lines of SubSeven or simply erase your entire "My Documents" directory. ..and all you have to do is a single click. The security company that found the hole has an example up on it's web site. From what I understand, Microsoft does not have a patch for this and it's expected to be a while before one shows up (due to the nature of the hole I assume). http://secunia.com/internet_explorer_command_execution_vulnerability_test/ This works just fine on my fully patched XP Pro box with SP2.