There is a design flaw in Internet Explorer 5.0,4 for Win9x (NT versions seem unaffected) in the way it handles favorites. This vulnerability allows reading local files and sending them to an arbitrary server.
If an user adds to favorites a specially designed "javascript:" URL, later opens a local file and then choose the URL from the Favorites, his local files may be read if the filename is known.
Probably there are more serious exploits.
For more info, check the security advisory.

Demonstration:

Reading AUTOEXEC.BAT
Reading file "c:\test.txt"
Workaround: Disable Javascript or do not add to favorites untrusted pages.