Windows Search Security Feature Bypass Vulnerability. The user would have to click on a specially crafted URL to be compromised by the attacker. A security feature bypass vulnerability exists when MapUrlToZone fails to correctly handle certain paths. This could allow an attacker to plant files without Mark-of-the-Web (MotW). To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted link to a victim and convince them to open it.