This is caused because the File Picker and the File Transfer control are unsigned ActiveX controls. To solve, add the CampaignMax web as a trusted site and add ActiveX scripting privileges to trusted sites:

Do the following in Internet Explorer:

1) Select Tools / Internet Options

2) Click on the 'Security' tab.

3) Click on the 'Trusted Sites' icon (green checkbox), then the 'Sites...' button below it.

4) Add this web site to the zone: https://(campaign-max-url). If the CampaignMax protocol is http (instead of https), uncheck the 'Require server verification' option below the list of web sites. Click OK to save the change.

5) Back on the security window, click again on the 'Trusted Sites' icon, then on the 'Custom Level...' button near the bottom of the screen.

6) In the 'Security Settings' window, select the following:
ActiveX controls and plug-ins section:
Download singed ActiveX controls: Enable
Download unsinged ActiveX controls: Enable
Initialize and script ActiveX controls not marked as safe: Enable
Run ActiveX controls and plugins: Enable
Script ActiveX controls marked safe for scripting: Enable
Downloads section:
File download: Enable

7) Click OK to save changes.

8) Back on the 'Internet Options' window, click OK again.

INTERNAL SITE NOTE: If the CampaignMax website is on an internal server, the ActiveX settings under Local Intranet must be changed instead of those in Trusted Sites. In Trusted Sites you can only add sites on secure servers (beginning with 'https://').