After seeing all the references and digging myself, I have come to the conclusion that this BID is a mistake. 1) Internet Explorer does not allow any range or format or characters to be put in the address for a zone; it has a proper format. 2) The zones classify and do not load, or whatever is written in the advisory. 3) The attacker can never know the zone settings and he cannot manipulate them in any way. I can't see how SecNiche claims an attacker can modify the registry through a web page. I would request the BID maintainers to take a closer look into this.