[adr_]

This sounds basically the same as:

http://lcamtuf.blogspot.com.au/2014/03/messing-around-with-d...

[jerf]

A similar technique used to build the payload, but the linked paper does have a more sophisticated technique for setting the target's filename arbitrarily, without having to somehow craft a link with a "download" attribute on a target website.