It's a pity that even own Microsoft programmers do not know that for the unicode version of the function TCHAR will turn into a WCHAR. And we speak about using unicode everywhere.. Here is an exploit for Windows XP Service Pack 1. NOTE: the FFFE header which can be easily created with notepad is not a new technique. It has been already used for another vulnerability in IE (see ).[Only registered and activated users can see links]). NOTE: the directory "domain HELL team" has to be read-only, otherwise it won't work. added by Radost