My first attempt at an SEH overwrite exploit. Anyhow, I first posted about this issue regarding version 7 of this control, Will Dormann of the CERT/CC discovered versions 6 and 6.5 are vulnerable too, see Dwa7w.dll and inotes6w.dll are unicode, thats my next project. Code is inline and attached. --------------------- IBM Domino Web Access Upload Module inotes6.dll SEH Overwrite Exploit Unable to create object --------------------- Elazar -- Compare Cell Phone Carriers- Click Now.