I have created this sample page on my site to show you how an IE feature can be exploited.
For complete information about this potential IE problem
See: http://www.computerbytesman.com/security/notepadpopups.htm
A Notepad popup Window is displayed in Internet Explorer using the "view-source:" protocol. This protocol takes a complete URL as an argument and displays the HTML source code of the URL in the Notepad utility. For example, this view-source URL shows the HTML source code of the Google home page:
view-source:http://www.google.com
Notepad popup windows can be displayed from an HTML email message or Web page regardless of browser security settings. In addition, Notepad popups can access files on a hard disk, possibilly causing stability problems in a Windows system.
The following will open YOUR win.ini located on YOUR C: drive:
view-source:file:///c:\windows\win.ini
A Notepad popup is a text window which is displayed by a HTML email message or Web page using the Windows Notepad utility. Click here for a sample popup.
As this page demonstrates, surfing the web may not be safe. You should visit ONLY reputable sites and when you visit the "unknown" you need to be cautious and on guard for those that may be up to no good.
Be very, very careful....