Security Note: File extensions spoofable
by Volker Weber
Security Note: File extensions spoofable in MSIE download dialog: Oy Online Solutions Ltd's security experts have found a flaw in Microsoft Internet Explorer that allows a malicious website to spoof file extensions in the download dialog to make an executable program file look like a text, image, audio, or any other file. If the user chooses to open the file from its current location, the executable program will be run, circumventing Security Warning dialogs, and the attacker could gain control over the user's system.
