Effects:
Liu Die Yu has discovered a vulnerability in Internet Explorer, which can potentially be exploited by malicious people to conduct phishing attacks against a user.
The vulnerability is caused by Internet Explorer failing to update the address bar after a sequence of actions has been performed on a named window. This can be exploited to display content from a malicious site while displaying the URL of a trusted site in the address bar.
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6 running on Microsoft Windows 2000 SP4 / Microsoft Windows XP SP1.
Previous versions of Internet Explorer may also be affected.
Secunia has developed a demonstration of the vulnerability, which may be found here:
http://secunia.com/internet_explorer...ng_test_popup/
NOTE: Currently known attack vectors do not work on Windows XP systems with SP2 applied.
Info:
http://secunia.com/advisories/12304/