The problem is that Internet Explorer can be tricked into opening a file, with a different application than indicated by the file extension. This can be done by embedding a CLSID in the file name. This could be exploited to trick users into opening “trusted” file types which are in fact malicious files.
when combined with the other hole found earlier, the results wouldn’t be pretty.
Yet another reason not to use IE.
