This is simple demo for IE8/IE7 (only WinXP) vulnerability described here:
http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt
[+] The first one should spawn calc.exe after pressing F1.
[+] The second one triggers stack overflow in winhlp32 process.
iSEC 2010 (C) maurycy prodeus