Millions of Internet Explorer users have been warned of a security vulnerability within the browser that poses a "significant risk".

According to analysts from the X-Force division of security firm ISS, the flaw can allow website addresses or URLs to display incorrectly in the browser's navigation bar, thereby allowing scams that trick users into trusting a bogus website.

The flaw, which ISS says is trivial to exploit, may be triggered when individuals navigate to URLs from within emails or hostile web pages.

Similar vulnerabilities have been used extensively in mass emails, or fake websites designed to replicate the original in an effort to steal personal information from the victim.

"This type of attack has commonly been referred to as 'phishing'. Whereas past phishing attacks used URLs similar to the original, this new vulnerability allows URLs that are identical to the original website," said the X-Force Security Alert.

"This makes it almost impossible for individuals to differentiate between fraudulent sites and legitimate sites."

Affected versions of the browser include Internet Explorer 6.0, 5.5 and 5.01. The complete X-Force advisory can be viewed here.


Good artists copy, great artists