Here is the first flaw . A good one at that. In IE this will be caught (If you have the right settings). Try this in CHROME even after ticking the “Ask where to save each file.” . It fails miserably. Reportedly this is because CHROME is actually WebKit 525.13 (Safari 3.1), which is an outdated/vulnerable version of that browser. Apple closed the carpet-bombing problem in Safari v3.1.2.
Keep watching this space for more.
Read more here