Exploit thought: .com is both domain and Windows executable extension

Windows-specific.
A site in the .com domain can save a page to a file name equal to the domain name. If that file happen to be valid .com executable that might be executed by a user easily...