Windows has had the ability to embed HTML into it’s user interface for many years. Right back to and including Windows NT 4.0, it has been possible to embed HTML into the task bar, but the OS has always maintained a sandbox, from which the HTML has been unable to escape. All this changes with Windows Vista.
This document attempts to summarise the changes introduced with Microsoft’s Windows Vista and highlights some of the new attack surfaces it brings.
