Microsoft Internet Explorer contains a programming error that may allow a remote attacker to execute commands on a vulnerable system. The attacker needs to supply VBScript to invoke winhlp32.exe, which can then be used to execute commands via a specially crafted .HLP file.

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2010-02-26.html