The same day that various Office flaws were brought into the public light, yet another Windows vulnerability has been reported. This one could spell trouble, as it has the potential to cause code execution and ultimately system compromise. The problem, which McAfee reported, is in Windows help files. Currently, Microsoft's advice is to “use caution” :
Microsoft said it is aware of the issue and advises caution with ".hlp" files, which are as unsafe as ".exe," as both file types are executable, it said.
The scope of this flaw is probably limited, as .HLP files aren't exactly in abundance and aren't something most people expect to encounter. By that same token, they are also considered to be benign and something simple enough to be trusted.