Reported November 17, 2004, by cyber flash
Two vulnerabilities have been discovered in IE that can be used to bypass a security feature in Windows XP Service Pack 2 (SP2) and trick users into downloading malicious files. These two vulnerabilities are:
Successful exploitation requires that the option "Hide extension for
known file types" is enabled (default setting). A malicious Web site can combine
these two vulnerabilites to trick a user into downloading a malicious
executable file masquerading as a HTML document.
Microsoft has not released a fix or bulletin that addresses this vulnerability.
Discovered by cyber flash.