HHOPEN: This control is a little more difficult to exploit, as the RET address is in the middle of the string, and once again there is no easy way to RET to our code, so I have RET'd to ExitProcess directly instead. In this case, OpenHelp is the vulnerable method, and the exploit is possible when the method is called with a valid help file, and a long Help Section.