Thanks to Chris for the tip.
Microsoft is reporting a new vulnerability in IE that could lead to
information disclosure of files with known filenames to a remote attacker.
"[If] a user is using a version of Internet Explorer that is not running
in Protected Mode an attacker may be able to access files with an
already known filename and location."