Possible new cross zone scripting in IE



title: Possible new cross zone scripting in IE

program: MS Internet Explorer

tested on: IE 6.0 (SP1), WinXP/ME



Proof of Concept:

From res://C:\WINDOWS\SYSTEM\BROWSELC.DLL/mbOffline.htm, I found



This links to a folder (c:\My document\My Music).



I built a page (http://www.freewebs.com/applesoup/shell_my_music.htm) like the following: