Windows NT, 2000, XP, 2003 - Remote Code Execution via Crafted .hlp File
Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.