Facebook Attach EXE File Vulnerability

1. Summary:

When using the Facebook 'Messages' tab, there is a feature to attach a
file. Using this feature normally, the site won't allow a user to attach
an executable file. A bug was discovered to subvert this security
mechanisms. Note, you do NOT have to be friends with the user to send them
a message with an attachment.

--------------------------------------------------------------------