>b's weblog

News. Journal. Whatever.


This one is nice: Redirect file:// links to SMB

We identified four commonly used Windows API functions that allow for redirection from HTTP/HTTPS to SMB. Early testing found that they are used by a wide range of software features such as updaters and usage reporting tools.

This discovery opened up a wide range of new attack methods. When combined with a man-in-the-middle attack, an attacker can force authentication attempts with an SMB server using susceptible applications and services that transmit data over HTTP or HTTPS.

The report is available here. (Thanks, Obri!)

Microsoft did not resolve the issue reported by Aaron Spangler in 1997.
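
A defender-side check for the redirect described in the quoted report, as an added example that is not from the report or from this blog: it reads raw HTTP response heads, as a proxy or IDS would see them, and reports redirects whose Location header is a file:// URL naming a remote host. The function names and the sample responses are constructed for illustration, and treating the four-slash form file:////host/share as a remote target is an assumption of this sketch.

```python
import re
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
LOCAL_HOSTS = {"", "localhost"}

def parse_response_head(raw: bytes):
    """Return (status_code, headers) from the head of a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.splitlines()
    m = re.match(r"HTTP/\d(?:\.\d)? (\d{3})", lines[0]) if lines else None
    if not m:
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers

def smb_redirect_host(raw: bytes):
    """Return the remote host a file:// redirect points at, or None."""
    status, headers = parse_response_head(raw)
    location = headers.get("location", "")
    if status not in REDIRECT_CODES or not location:
        return None
    parts = urlsplit(location)  # urlsplit lowercases the scheme
    if parts.scheme != "file":
        return None
    host = parts.hostname or ""
    # file:////host/share leaves the host at the start of the path
    if not host and parts.path.startswith("//"):
        host = parts.path[2:].split("/", 1)[0].lower()
    # file:///C:/... and file://localhost/... stay on the local machine
    return None if host in LOCAL_HOSTS else host

# Constructed sample responses (documentation addresses and example domains).
SAMPLES = [
    b"HTTP/1.1 302 Found\r\nLocation: file://203.0.113.7/share/update.png\r\n\r\n",
    b"HTTP/1.1 301 Moved Permanently\r\nLocation: https://updates.example.com/v2\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nLocation: file://203.0.113.7/x\r\n\r\nbody",
    b"HTTP/1.1 307 Temporary Redirect\r\nlocation: FILE:////files.example.net/a\r\n\r\n",
    b"HTTP/1.1 302 Found\r\nLocation: file:///C:/local/readme.txt\r\n\r\n",
]

def flag_samples():
    """Run the check over the constructed samples, in order."""
    return [smb_redirect_host(raw) for raw in SAMPLES]
```

A hit is worth correlating with outbound TCP 445 or 139 from the same client, since blocking outbound SMB at the network edge keeps the authentication attempt from reaching an external server.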
