There is a design flaw in Internet Explorer 5.0,4 for Win9x (NT versions seem unaffected) in the way it handles favorites.
This vulnerability allows reading local files and sending them to an arbitrary server.
Probably there are more serious exploits.
For more info, check the security advisory.
Reading file "c:\test.txt"