CVE 1999-1128
Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user.
See the
CVE page on Mitre.org
for more details.