It is technically possible to embed a small trojan program inside an image which is downloaded by the web browser. This would need to be pretty small to avoid detection, but I guess it is possible. How it would be activated is a technical issue.
However, not only is it unethical, it is very very wrong to put something onto somebody's computer without their knowledge or permission.
The best way to accomplish what you need is to be honest with your visitor and ask them to download a small application from your website or enable cookies.
But anyone who would want to browse the contents of someone else's my documents folder would make me run 1000 miles away from their site or any linked sites and clear my history cache, run antivirus and trojan sniffers and generally spring clean my system damned fast!!!!