I’d like to bring to your attention a tool that was posted to the full disclosure mailing list a while ago, but still useful. It is called iKAT (Interactive Kiosk Attack Tool) and allows you to exploit the local machine windows / linux from a browser web page full of nifty exploits and tools. Its very handy to browse to a site and bring up an unrestricted shell on a win32 box within seconds. There are now multiple flavors of iKAT; linux, portable, windows and photoKAT.
It also works well on those internet kiosk machines, that are all locked down usually with windows based policies 😉