(no title)

And WordPad was built on top of the "RICHEDIT" window class, and exposed lots of the OLE features provided by the rich text control. "Insert Object" is a powerful and potentially dangerous feature with a lineage going back to the Windows 3.1 days. As long as your DLL is registered correctly, any document in an OLE-capable program can cause objects from that DLL to become instantiated and deserialized.

Getting rid of documents able to instantiate arbitrary OLE controls is a good reason to try to remove WordPad. It's not just some simple styled text editor.