Moderately critical

IMPACT:
Spoofing

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 6
http://secunia.com/product/11/
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/
Microsoft Internet Explorer 5.5
http://secunia.com/product/10/

DESCRIPTION:
Liu Die Yu has discovered a vulnerability in Internet Explorer, which
potentially can be exploited by malicious people to conduct phishing
attacks against a user.

The vulnerability is caused due to Internet Explorer failing to
update the address bar after a sequence of actions has been performed
on a named window. This can be exploited to display content from a
malicious site while displaying the URL of a trusted site in the
address bar.

The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6 running on Microsoft Windows 2000 SP4 / Microsoft
Windows XP SP1.

Previous versions of Internet Explorer may also be affected.

More: http://secunia.com/advisories/12304/