My first attempt at an SEH overwrite exploit. Anyhow, I first posted about this issue regarding version 7 of this control, Will Dormann of the CERT/CC discovered versions 6 and 6.5 are vulnerable too, see http://www.kb.cert.org/vuls/id/963889. Dwa7w.dll and inotes6w.dll are unicode, thats my next project. Code is inline and attached. --------------------- IBM Domino Web Access Upload Module inotes6.dll SEH Overwrite Exploit Unable to create object --------------------- Elazar -- Compare Cell Phone Carriers- Click Now. http://tagline.hushmail.com/fc/Ioyw6h4fMiW01DlRT5EdxG74bAoErxGvZoOSv1JtIEt847RmpKnqQI/