Reported February 8, 2005 by Microsoft
An unchecked buffer exists in the Hyperlink Object Library which could allow an intruder to construct a hyperlink that, when clicked by a user, could allow the intruder to take complete control of a user's system.
Microsoft has released
Security Bulletin MS05-015, "Vulnerability
in Hyperlink Object Library Could Allow Remote Code Execution
and an associated patch.