if you are sure the ActiveX security settings are low on the client machines, you can use ActiveX components, for example (it is for ASP, but the same principle applies):
Using XML to Improve File-Upload Processing
http://www.15seconds.com/issue/010522.htm