Moderately critical


From remote

Microsoft Internet Explorer 6
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5

Liu Die Yu has discovered a vulnerability in Internet Explorer, which
potentially can be exploited by malicious people to conduct phishing
attacks against a user.

The vulnerability is caused due to Internet Explorer failing to
update the address bar after a sequence of actions has been performed
on a named window. This can be exploited to display content from a
malicious site while displaying the URL of a trusted site in the
address bar.

The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6 running on Microsoft Windows 2000 SP4 / Microsoft
Windows XP SP1.

Previous versions of Internet Explorer may also be affected.