You can find a simple exploit for the Eeye vulnerability on Microsoft WordPerfect Document Converter Buffer Overflow : http://valgasu.rstack.org/word.zip Modify the source and add new targets OS. This exploit works on several french Windows NT/2K with Word 2000 9.0.2812 but it's trivial to modify exploit for Word 2000 SR1 for example (offset in file of eip isn't the same). Read source code and test your own system. Valgasu