Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.