Internet Explorer Vulnerability: Content-Location works with both triple and double slash

After I reported the Content-Location Vulnerability http://www.securityfocus.com/archive/1/342317, Thor Larholm explained that the html execution was not caused by the Content-Location header, but instead by the triple slash file:///. I have tested it with double slash and I even tested the tripl...