I think that you would have to send c with this file to get this buffer to overflow say the dump value of umm 1000 bits atleast and a letter would probally be used, i think it's more a vunrability that can be exploited by an indervidual from a remote location rather than a web page. atchally no thinking about it thats tosh ignor you could easyily do it through a web site. O the joys of microsoft, but hey this is going to make it one hell of alot stronger in the future by not having to pay for people to find the flaws.