Asking for help in Windows could lead to more trouble. A newly discovered vulnerability in Internet Explorer (IE) leverages the ability of a Visual Basic script to invoke a .HLP (Windows Help file format) file, which could give a remote attacker the ability to run arbitrary code on an affected system. Visual Basic uses the following syntax to call the MsgBox function , which is used to display message boxes: MsgBox(prompt[,buttons][,title][,helpfile,context]) However, if a specially crafted .HLP file passes as a variable, remote users would be able to run arbitrary code on an affected system

View original post here:
Calling Windows for Help May Lead to Vulnerability