According to Szabo's advisory, the vulnerability is due to a boundary error within the URL-handling functionality. A malicious hacker could exploit the hole with an e-mail containing a specially crafted link.
"Attachments may be spoofed, even in the latest 6.1 version. Be careful about forwarding messages with attachments, as sensitive/private documents may be sent silently. Be careful about clicking on attachments," said Szabo, who publishes the Secure Your PC Web site.