[原文]The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.
Microsoft IE Scriptlet Invoking ActiveX Arbitrary File Access
Remote / Network Access,
Loss of Confidentiality
Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The ActiveX control used for invoking scriptlets can be used to render arbitrary file types instead of strictly HTML files, which could allow a malicious web site operator to create a script that would access arbitrary files on the victim's system resulting in a loss of confidentiality.
Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.