After seeing all the references and digging myself
i have come to a conclusion that this bid is a mistake.
1) Internet explorer does not allow any range or
format or characters to be put in the address for
a zone it has a proper format.
2) The zones classify and not load or whatever
is written in the advisory.
3) The attacker can never know the zone settings
and he cannot manipulate them in anyway. Can't
see how the secniche claims attacker can modify
registry through a web page.
I would request the BID maintainers to take a closer look into this.