Microsoft Confirms IE Phishing Flaw
“Software engineers at Microsoft Corp.’s security research team have confirmed the existence of a bug in the Internet Explorer browser that opens the door to URL spoofing attacks.
The flaw, which has been widely reported on public mailing lists, can be exploited by a malicious attacker to spoof the URL of a pop-up advertisement and has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP Service Pack 2.”