This is XSS that only works using IE By Saving malicous code as a .pdf and uploading as a attchment on a post. when the attachment is viewed in IE only the code will be executed.