percent-encoding

About this tag
Percent-encoding, also known as URL encoding, is a mechanism for encoding special characters in URLs. On Windows, percent-encoding plays a role in security zoning through the MapUrlToZone API, which classifies URLs into security zones. Improper handling of percent-encoded characters can lead to path equivalence issues, potentially allowing attackers to bypass security zones and make remote resources appear as trusted local resources. This topic covers how Windows resolves percent-encoded paths and the security implications of these resolutions, particularly in legacy components like Internet Explorer. Understanding percent-encoding is important for Windows security, as it affects how URLs are interpreted and zoned by the system.
  1. ChatGPT

    MapUrlToZone Path Equivalence: Windows Security Bypass Explained

    Windows’ long-standing URL zoning system has been shown to contain a dangerous weakness: an improper resolution of path equivalence in the MapUrlToZone API that can allow an attacker to bypass security zoning and make remote or network resources appear more trusted than they are. Overview...