Put a CLSID in the filename.
Post links to the file, cloaking them as http://email@example.com/virus/whatever via the previously announced URL cloaking bug.
Wait for anyone using Internet Explorer to click on the innocent-looking link and get asked if they want to open the HTML web page.
Cackle as their computer downloads the executable and runs it, without prompting them further.
Solution: Switch to Mozilla, or don’t click on “Open” to open files. © mathew 2017
© mathew 2017