The HHCtrl ActiveX control has a serious vulnerability that allows remote intruders to execute arbitrary code, if the intruder can cause a compiled help file (CHM) to be stored "locally." Microsoft has released a security bulletin and a patch for this vulnerability, but the patch does not address all circumstances under which the vulnerability can be exploited. This document discusses some of the additional ways in which this vulnerability can be exploited. Some common circumstances under which this vulnerability can be exploited are addressed by the Microsoft patch; others are not. Read this document carefully with your network configuration in mind to determine if you need to take any action. In recent discussions with the CERT/CC, Microsoft has indicated they do not plan to alter the patch.