Execution of exe via HTML in IE 5.5 and 6.0 has been found. This is quite a security hole if true. While quite a complex seeming attack involving js and loading of temporary files, attack code could be small 500byte file.