The Preloader ActiveX control used by Internet Explorer allows remote malicious users to read arbitrary files.
microsoft internet explorer 4.0
microsoft internet explorer 5.0