Hi,
Last MS patch Q290108 released with the bulletin MS01-020 opens a new
vulnerability.
A tricked EML file can confuse the user displaying him a fake downlodaded
file name. Executable files can be disguised as other supposedly inocent
files (text, sound or images).
Demo is available in :
http://www.kriptopolis.com/cua/20010404.html
The issue was reported to MS on 22 february and they argue : this is not a
vulnerability as far as It involves a use decision.
Jesus López de Aguileta has also posted the vulnerability to this list.
Juan Carlos G. Cuartango
