<!--
Every bit of real testing I've seen shows this is not a real vulnerability in IE. --> surely you jest. It is the Key to the Kingdom. To quote the original finder, way back in June of 2003: "allows remote attacker to traverse "Shell Folders" directories. A remote attacker is able to gain access to the path of the % USERPROFILE% folder without guessing a target user name by this vulnerability." shell:desktop "C:\Documents and Settings\%USERNAME%\Desktop" Perhaps you missed these "real" tests: http://poc.homedns.org/execute.htm http://62.131.86.111/security/idiots/malware2k/installer.htm or maybe you didn't. -- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html