Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
Using a null byte (%00) in the filename field found in the Content-disposition header, a remote web server may be able to disguise the content type of a downloaded file, leading to code execution. If "inline" is specified in the Content-disposition header, command execution could automatically occur without any user interaction.
Install the patch referenced in Microsoft Security Bulletin 01-058.
This exploit requires a user on the affected system to follow a link to the exploit using Internet Explorer.