File Download Extension Spoofing in MSIE



λ
January 28th, 2004, 04:44 PM
http://www.secunia.com/advisories/10736/



The problem is that Internet Explorer can be tricked into opening a file, with a different application than indicated by the file extension. This can be done by embedding a CLSID in the file name. This could be exploited to trick users into opening "trusted" file types which are in fact malicious files.


When combined with the other hole found earlier, the results wouldn't be pretty.

Yet another reason not to use IE.
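
A defensive check for the file-name trick described in the quoted advisory, as an added example that is not part of the original thread or of the Secunia advisory: it flags downloads whose offered name contains a brace-wrapped CLSID. It goes beyond the advisory text by also decoding percent-encoded names; the function names, the sample host and the GUID are hypothetical.

```python
import re
from email.message import Message
from urllib.parse import unquote, urlsplit

# Brace-wrapped GUID: the textual form of a COM class ID (CLSID).
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


def decode_fully(value, max_rounds=3):
    """Undo percent-encoding, including double encoding, in a bounded loop."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def offered_name(url, content_disposition=None):
    """File name a download presents: header filename if set, else last URL path segment."""
    if content_disposition:
        msg = Message()
        msg["Content-Disposition"] = content_disposition
        name = msg.get_filename()
        if name:
            return decode_fully(name)
    return decode_fully(urlsplit(url).path.rsplit("/", 1)[-1])


def check_download(url, content_disposition=None):
    """Flag a download whose offered name embeds a CLSID anywhere in it."""
    name = offered_name(url, content_disposition)
    match = CLSID_RE.search(name)
    shown_ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return {"name": name, "shown_extension": shown_ext,
            "clsid": match.group(0) if match else None,
            "block": match is not None}


if __name__ == "__main__":
    # Constructed samples; the GUID is a made-up placeholder, not a real class ID.
    guid = "11111111-2222-3333-4444-555555555555"
    for url, header in [
        ("http://files.example/readme.txt", None),
        ("http://files.example/report.{%s}.txt" % guid, None),
        ("http://files.example/get", 'attachment; filename="notes.%%7B%s%%7D.txt"' % guid),
    ]:
        print(check_download(url, header))
```

A proxy or mail gateway can apply the same test to attachment and download names and reject or rename anything where `block` is true.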

eyezberg
January 29th, 2004, 12:10 PM
hey nj, cool site, ppl should also look at this:
http://www.secunia.com/internet_explorer_address_bar_spoofing_test/
I guess that's how they tricked me into thinkin' I was on paypal the other day..
when is M$ gonna fix this?!!

λ
January 29th, 2004, 01:15 PM
well, it's M$.. don't get your hopes up...

they still haven't fixed the bug you mentioned, and that's 'bout a month and a half old.

ez_stylin
February 2nd, 2004, 10:50 PM
i think they fixed it now... u gotta dl the patch..