By using class id in content-disposition it's possible ti spoof file type. Content-Disposition: attachment; filename=malware.{3050f4d8-98B5- 11CF-BB82-00AA00BDCE0B}fun_ball_gites_pie_throw%2Empeg"
vulners.com/securityvulns/securityvulns:doc:6493