This is simple demo for IE8/IE7 (only WinXP) vulnerability described here:
http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt


[+] The first one should spawn calc.exe after pressing F1.


[+] The second one triggers stack overflow in winhlp32 process.


iSEC 2010 (C) maurycy prodeus