xp sp2 weaknesses

["Richie B." <richie () NO-SPAM-HERE com>]

I haven't seen this report here yet.

Flaws in SP2 security features
==============================

1) The command shell cmd.exe ignores the ZoneID of files.
2) Windows Explorer caches the result of ZoneID lookups. If a file is
overwritten, Explorer does not properly update this cached information
to reflect the new ZoneID. This allows spoofing of trusted or
non-existant ZoneIDs by overwriting files with trusted or non-existent
ZoneIDs.

URL: http://www.heise.de/security/artikel/50051

Cheers,

Richie