This document describes several design features of Internet Explorer that entail low security risk if considered individually but can lead to interesting attack vectors when combined together. Several attack scenarios that rely only on combinations of these low risk Internet Explorer features are explained and proof of concept code was developed that demonstrate they are feasible.

Wednesday, February 3, 2010