[Bush2000]

It appears to work fine on my Windows XP laptop.

You're either lying -- or you're tuning the sample to your config. There's no way that it can run an executable from C:\WINDOWS\TEMP under XP when the exe will be downloaded to C:\DOCUMENTS AND SETTINGS\[USER]\Local Settings\Temp

[justlurking]

You're either lying -- or you're tuning the sample to your config.

I'm doing neither. I'm simply running the demo:

http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/

If I understand it correctly, they are claiming that you can be led to believe you are opening an PDF file, instead of something else.

The demo actually opens an HTML file. But, it could just as easily be an executable. If I can figure out all the details, I'll create a better demo.

BTW, Mozilla Firebird will do something similar, with one exception: it will tell you that you are opening an HTML file, rather than a PDF file. Since Firebird will warn you separately about opening an executable file, the protection is a little better, but not foolproof for people that open attachments in email from unknown senders.

[adam_az]

You're either lying -- or you're tuning the sample to your config. There's no way that it can run an executable from C:\WINDOWS\TEMP under XP when the exe will be downloaded to C:\DOCUMENTS AND SETTINGS\[USER]\Local Settings\Temp

BUSH LIED!!!

No, not the President, just the uneducated pretender who uses his name. ;)

It could always just point to c:\Documents and Settings\%username%\

Type that into your browser if you don't believe me, or from a dos promt, type
c: (if you aren't already on the c: disk)
cd \Documents and Settings\%username%\

Ever hear of an ENVIRONMENT VARIABLE, Bushie? You are farm league, yet you feign skillz.