Affects most web application platforms, including Java, .NET, PHP, Cold Fusion.

This attack involves the use of header injection, particularly the Content-Disposition header, to subvert HTTP responses from trusted domains. Attackers can use this technique to inject a malicious file download with an arbitrary filename .html, .exe, .swf, .mov, .msi, .vbs, etc...) and arbitrary file content. Since the attack subverts an existing HTTP request, both the URL and the downloaded file use a trusted domain.

More at http://www.securityfocus.com/archive/1/490537
Full details (requires PDF reader) http://www.aspectsecurity.com/docume..._Injection.pdf