“I thought this was an april fools but it’s a day too early”
read more about it here.
according to the guy, he found a .hlp heap overflow. in the advisory linked to above, he tells the following story:
as .hlp is a “scriptable environment” microsoft decided to reject this issue on the grounds that a scriptable environment cannot be trusted anyway.
that is why he says he thought it might be an april fools joke.
apparently, idefense didn’t want to buy it.
his original advisory can be found here: http://www.open-security.org/advisories/15
have fun reading!