Buffer overflow in the remove_quote function in convert.c for html2hdml 1.0.3 allows remote attackers to execute arbitrary code via a crafted HTML file.