Symptom

========

Consider the scenario of a simple corporate intranet Web site that includes a list of executable links on a friendly Web page. The links are intended to be downloaded and run immediately.

image

Result

=====

Even if the executable files have been signed and the signer is trusted by the user, Internet Explorer will still display the File Download dialog box.

Assessment

==========

Internet Explorer contains a predefined, hard-coded list of file extensions that it inherently distrusts. These extensions correspond to generic executables and other kinds of files that have the capability to harm the user's machine without the proper security safeguards. The File Download dialog box cannot be prevented for any files of these types. The Always ask before opening this type of file option will be grayed out on the dialog box and you will not be able to select it.

Following is the list of the file extensions for these file types.

ade .csh .lnk .mda .pif .vb

.adp .exe .mad .mdb .prf .vbe

.app .fxp .maf .mde .prg .vbs

.asp .hlp .mag .mdt .pst .vsd

.bas .hta .mam .mdw .reg .vsmacros

.bat .inf .maq .mdz .scf .vss

.cer .ins .mar .msc .scr .vst

.chm .isp .mas .msi .sct .vsw

.cmd .its .mat .msp .shb .ws

.com .js .mau .mst .shs .wsc

.cpl .jse .mav .ops .tmp .wsf

.crt .ksh .maw .pcd .url .wsh

Reference KB:
Executing files by hyperlink and the File Download dialog box in Internet Explorer

http://support.microsoft.com/kb/232077/en-us