It's a minor nuisance. It requires people to click on a local file. If a criminal can get a user to do that, he will not waste that opportunity on crashing the desktop.
>As was the case nearly 20 years ago, webpages that use the bad filename in, for example, an image source will provoke the bug and make the machine stop responding. Depending on what the machine is doing concurrently, it will sometimes blue screen. Either way, you're going to need to reboot it to recover. Some browsers will block attempts to access these local resources, but Internet Explorer, for example, will merrily try to access the bad file.
