http://msmvps.com/blogs/alunj/archive/2008/10/12/1650663.aspxI recently got around to converting an old MFC project from WinHelp format to HTML Help. Mostly this was to satisfy customers who are using Windows Vista or Windows Server 2008, but who don’t want to install WinHlp32 from Microsoft. (If you do want toenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/alunj/archive/2008/10/12/1650663.aspx#1650737Mon, 13 Oct 2008 22:01:56 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1650737David LeBlanc<p>Another point, and part of why winhlp32 got removed is that a .hlp file is equivalent to an executable. I&#39;ve blogged about this before, but basically, a help macro could invoke system(arbitrary_command). This is by (very old, antique) design, which makes them fundamentally insecure. If you don&#39;t want to contribute to your customer&#39;s insecurity, update to a help system that&#39;s newer. We&#39;ve only been told to use HTML help for about the last 10 years.</p> <p>This is also why the people who seem to find an overrun in winhlp32 about once a year or so for .hlp or .cnt files are working too hard. Kind of like finding an overrun in the batch file handler. May as well just run the command you want instead of dinking with shell code.</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1650737" width="1" height="1">