File Extensions Spoofable in Windows Explorer

[Tom Micklovitch <h_bugtraq () yahoo com>]

Don't know if this is a known issue, but I've
certainy not seen it before;

name an exe of your choice to "file.html         
                                                 
                                       .exe"

(use ASCII character 255 instead of the spaces
above)

Look at the file on any view in Windows Explorer
and all you can see is "file.html" - even if you
try to rename the file, you'll still only see
file.html because the .exe part is below the line
of erm... shit. hard to explain, play about and
you'll see what I mean.

I'm sure you could use this to spoof the name in
the download box of MSIE. (I've benn playing
about with naming the file www.something.com (to
the user it looks like a web address, but in
actual fact it's a executable .com))

=====
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT d--- s--:- a--- C++++ UL++ P+ L+ E--- W+++ N- o-- K- w 
O- M-- V- PS+++ PE-- Y+ PGP++ t+ 5- X+ R tv-- b+ DI++ D+ 
G+ e* h r++ y+++ 
------END GEEK CODE BLOCK------

__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/