For IE8 closed off the information-disclosure problem whereby JavaScript can read the .value attribute of a file upload control and determine the full local pathname, which might include information like the user’s name, profile directory, etc. Specifically, they changed from ALLOW to DENY for the Internet Zone “Include local directory path when uploading files” security setting. So, rather than sending the filename “C:\users\bill\desktop\temp\upload.txt”, instead it just send just “upload.txt”.
..

Over the last few months, I’ve run into a significant number of sites (e.g. education products, several movie sharing sites, etc) and devices (e.g. popular home routers) that this security improvement breaks, because the sites use JavaScript to attempt to parse the filename (e.g. to determine its extension). In many cases, the script will attempt to get the indexOf() the last REVERSE_SOLIDUS (\) character in the string, and since we now return only the leaf filename, those scripts will fail to parse the string and complain to the user.
..

Read more: http://blogs.msdn.com/ie/archive/2009/03/20/rtm-platform-changes.aspx