Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers.
https://exchange.xforce.ibmcloud.com/vulnerabilities/27567
http://www.securityfocus.com/archive/1/439660/100/200/threaded
http://www.securityfocus.com/archive/1/439153/100/0/threaded