PDP has a good example of how the non-web world can be exploited through web-world functionality. In his writeup
he describes how Second Life's URI handler can be used to steal the encrypted password hash, which can then be replayed
to log in to a user's account.
"Keep in mind that most attackers don’t even have to convert the hash
back to a password string. Attackers can log in with the hash itself by
forging a request to one of the SecondLife authentication servers. The
unhashed password is only needed in situations where the attacker wants
to explore other on-line services the victim is currently registered
with." – PDP
A variation of CSRF at its finest.
Article Link: http://www.gnucitizen.org/blog/ie-pwns-secondlife