There is a bug in Internet Explorer 5.0 which allows reading and sending local files.
The file name must be known.
Thanks to Juan Cuartango for his exploits, which helped me a lot for discovering this vulnerability!
Written by Georgi Guninski
Workaround: Disable JavaScript