See:
http://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.czardas.co.uk%2Fdownloads%2FAutoMathEdit.zip&ref_sel=Google&ua_sel=ff7Zip is what I use by default myself, a very good choice, as I am allowed to say so.
I have no direct explanation for the anomalies we have found.
They were found in post header response protocol of that particular website link, you provided the zip file on.
Of course the site should be hardenend against giving off too much excessive header info, etc.
Here for instance you learn how to do that:
http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html It is just a question of the right configuration.
There are still an awful lot of websites that give away too much info to attackers
about server software version, installed 3rd party software, plug-ins etc.
The attacker(s) just have to look up the right vulnerabilites and
attack procedures and hoopla with even some php weaknesses,
they are granted an easy way in to do their mischief.
Pass this info on, because not too many webmasters are aware of these basics,
and too many sites become infested that way to infest unaware users.
Furthermore often lax and sloppy IT maintanance by hosters is responsible for this,
especially where money comes before security,
Stay safe and secure in the future is the wish of,
polonus