This Web page was designed to illustrate the problem of HTML-based Email readers automatically execuing JavaScript programs and ActiveX contols embedded inside of Email messages. This page silently loads the contents of the AUTOEXEC.BAT file into a form field. Once in the form field, the file contents can be silently send via Email to the "bad guys". The Email portion of this demo has been removed for privacy reasons.

This message uses Microsoft's TDC (Tabular Data Control) ActiveX control to read files from the hard disk. This control is available on any Windows system that is running the Internet Explorer 4 browser. Because the TDC Activex control is signed and already loaded on a computer, there are no security warnings when this page is loaded.

If the page is downloaded from a Web server, the TDC control will refuse to read any files from the hard drive. However, if the page is sent as an Email attachment, hard disk files can be accessed by the page when the attachment is clicked on.