A major flaw was found in all windows operating systems in the way that messages are sent and received between processes, potentially allowing a privalage escalation attack through a buffer overflow. This is an implementation for VBA allowing very portable execution, even on networked machines (such as my school) that disallow execution of EXE files. Note that MS Office is often blocked from opening the Visual Basic Editor; there are a number of alternative applications that support it (I use Corel Photo Paint), however.
Unfortunately the author's original Shatter article is only available from the web archive. Shatter's accompanying source code is available at Planet Mirror.
Be responsible for what you do with this code - if you get caught using it for some malicious reason, I hold no responsibility for your actions.
You'll have to supply your own shellcode - I'm not sure my webhost would let me keep that. Besides, there is plenty of it around.
Open up a Visual Basic Editor window. Import the shatter-vba.frm file. Use the CWD button to discover where to put your shellcode, then hit "Load Binary to Clipboard" to prime it for insertion.
At this stage I assume you have read the original article and understand how the "PostMessage" function works.
To fire off a message to a particular window, get focus onto the "Go!" button using the tab key. When wParam & lParam are ready, hover your mouse cursor over the required window and hit space bar.
Requirements: