story: capabilities in action

[Alan Cox]

> > Or when "IEXPLORE.EXE has generated an illegal instruction
> > and will be shut
> > down. A log file is being written." followed by fifteen
> > minutes of intense
> > disk-thrashing in Win2K. ;-)
> 
> Taking advantage of either of these requires access to the physical
> machine and is therefore the same as the cache file exploit that I
> mentioned. In all cases, my second point still holds.

Physical access is not required:

1.	I can crash the browser by sending you a suitable html email bomb
2.	Backoffice etc is sufficient to then retrieve the core/log file

Alan