Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.
https://exchange.xforce.ibmcloud.com/vulnerabilities/25573
http://www.securityfocus.com/bid/17325
http://www.securityfocus.com/archive/1/430871/100/0/threaded