There is a bug in Internet Explorer 4.x (patched) which allows reading local files and sending them to an arbitrary server.
The problem is: if you add '%01someURL' after the an about: URL, IE thinks that the document is loaded from the domain of 'someURL'.
This circumvents "Cross-frame security" and opens several security holes.
This will try to read C:\AUTOEXEC.BAT using TDC.
The bug may be exploited using HTML mail message. The exploit uses Javascript. For more info see the source.

Workaround: Disable Javascript.
Written by Georgi Guninski.