You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cwe-41
About this tag
The tag cwe-41 covers improper resolution of path equivalence in Windows security zoning, specifically within the MapUrlToZone API. This weakness can allow attackers to bypass security zones, making remote or network resources appear more trusted than they are. Discussions focus on the legacy Windows API used by Internet Explorer-era components and system services to classify URLs into security zones such as Local Machine, Local Intranet, Trusted Sites, Internet, and Restricted Sites. The content explains how path equivalence issues can lead to security bypasses, highlighting a dangerous weakness in Windows' long-standing URL zoning system.
Windows’ long-standing URL zoning system has been shown to contain a dangerous weakness: an improper resolution of path equivalence in the MapUrlToZone API that can allow an attacker to bypass security zoning and make remote or network resources appear more trusted than they are.
Overview...