A bug found in Internet Explorer and Outlook Express 5.5 makes is possible for a person to remotely read files and local and mapped (UNC) drives.
By exploiting the functionality of the GetObject () JScript and the "htmlfile" ActiveX object a remote user could read files. Example HTML as provided by Georgi Guninski is as follows;
It is unconfirmed if Microsoft has been made aware of this issue. A suggested workaround is to disable active scripting.