We already knew pressing the back button on IE is dangerous
(http://online.securityfocus.com/archive/1/267561) So it wont come as a total shock that so is clicking a link :) The problem lies in the dragdrop method that was added as a method on nearly all HTML elements in ie5.5 This method makes any element act like its being dragged. It is possible to abuse this behaviour to drop text in a html upload control thus allowing you to read any file from an unsuspecting users harddisk.
Would you like to know more? Thanks PivX.