This page illustrates a CEH example code which enables an attacker to browse the victim's public shares using the Microsoft shares protocol (SMB).
This page opens a java socket connection to the host of the web server on port 445 (SMB) and sends 3 packets to that port in order to anonymously login and enumerate the files of a local share.
This technique overcomes the "same origin policy" because it opens the socket to the same host as the web server but on a different port.