<snip http-equiv> Nice. Now, you really don't need those hardcoded Win98 vs Win2K paths, there are several vulnerabilities that allows you to determine whether local files/paths exists or not (and read them, should you feel like it). There's a small list on http://jscript.dk/unpatched/ of the vulnerabilities that remain unpatched in IE6 with all patches installed. Most have been publicly known for 1½ month so far. The GetObject and XMLHTTP bugs should be your first choice in local path detection, and the codebase localpath should be your currently most feared. I hate making lists like these, as they tend to indulge the culturally impaired (script kiddies) to use the examples. It does, however, help in putting pressure to those that need to provide patches (MS). Before complaining about the short(?) list, keep ind mind that the above is only a list of publicized vulnerabilities that remain unpatched - not a list of all IE vulnerabilities (detailing that would seem to be a fulltime job). If I forgot to mention a vulnerability or two that remain unpatched, forgive me or write me. Regards Thor Larholm Jubii A/S - Internet Programmer
