Visit an attacker's webpage using Microsoft's browser on Microsoft's operating system, and the attacker can execute arbitrary code on your system with your full privileges. Oh, and thanks to Microsoft innovation - you may remember this from the trial - the browser is integrated with the OS, so reading e-mail from an attacker (opening attachments not necessary) also gives them full access to your machine. MSIE 5.5 is vulnerable, and MSIE 5.01 is vulnerable unless you've installed Internet Explorer 5.01 Service Pack 2.
You can get full details from Microsoft, as well as a patch to fix this, here.
Basically, if you have Internet Explorer 5.01 or 5.5 installed, you need to do this as soon as possible, or risk nasty problems.
Thanks to Slashdot for the posting and to Kriptopolis for discovering this bug.