The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.Referenceshttp://marc.info/?l=bugtraq&m=95868514521257&w=2http://www.securityfocus.com/bid/1221
