It turns out there's a buffer overflow in MS Word also, so Word documents are now to be considered possible carriers of vira. So it's not just script vira anymore. Opening a word document with scripting turned off is still unsafe.
This has got nothing to do with Outlook or IE security. No saving to disk first will protect you. It's simply Word being unsafe.
This must be the best news the Open Office people have had in years!