Ha, I didn't know this still existed. I 'hacked' our school PCs running Windows 3.11 using this technique.

The sysadmin locked down every possible way to run executables apart from those he exposed in Program Manager. Of course, everyone had Word. Simply embedding an OLE object let me run any exe.