Reply to Message

By default, Outlook 2007 won't run code in attachments. (Neither will 2003. I'm not sure about 2000.)

The preview won't run executables, and asks you if you want to display pictures that aren't embedded in the e-mail. (A common tactic of spammers is to include an image in the e-mail that pulls from their server. Once you pull the image, they know your e-mail address is live and they send more junk to you. That's why Outlook has an option in it [set by default] that makes you click a link to display such pictures.)

So, no, this doesn't give virus writers, spammers, etc., any advantage.