Quote
The flaw affects IIS Web servers using the Microsoft Data Access Component (MDAC) to talk to a database. Servers running the latest software, MDAC 2.7, are free from the security hole, as are servers on which an administrator has run the IIS Lockdown Tool, an application that helps secure systems.
Windows computers, except those running Windows XP, are also vulnerable if Internet Explorer 5.01, 5.5 and 6 are present, as they also use the data access component. However, attacks on such systems are harder to accomplish, Terwoerds said. Outlook Express 6 and Outlook 2000 are immune to attack in their default configurations, and other versions of the mail client can be made safe by using the Outlook E-mail Security Update, she said.