What's wrong with this code, part 7

This rather fascinating issue came up in an internal DL on Friday.  Consider the following hypothetical code that return TRUE if a particular class is registered with COM:

bool IsClassRegistered(CLSID ClassID){ HKEY classesKey = NULL; HKEY clsidKey = NULL; LONG result; LPOLESTR classString = NULL; bool returnVal = false; result = RegOpenKeyExW(HKEY_CLASSES_ROOT, L"CLSID", 0, KEY_READ, &classesKey); if (result == NO_ERROR) { HRESULT hr; hr = StringFromCLSID(ClassID, &classString); if (hr != S_OK) { goto Cleanup; } result = RegOpenKeyExW(classesKey, classString, 0, KEY_READ, &clsidKey); if (result == NO_ERROR) { returnVal = true; } }Cleanup: if (classString != NULL) { CoTaskMemFree(classString); } if (clsidKey != NULL) { RegCloseKey(clsidKey); } if (classesKey != NULL) { RegCloseKey(classesKey); } return returnVal;}  

In this case, there are two known issues, one serious, one that is somewhat more hypothetical.  In order to understand both of these issues, it's necessary to understand the context for this code.  In this case, a service author decided that they wanted to be clever about their COM registration, and delayed their COM registration until the first user API called.  They wrote this function to see if they had already registered their class.

As always, answers tomorrow, with associated kudos and mea culpas :)