sirdarckcat has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct spoofing attacks.
The problem is that it is possible for a website to modify the location of another frame in another window by setting the location to an object instead of a string. This can be exploited to load malicious content into a frame of a trusted website...The vulnerability is confirmed in IE7
US-CERT: Vulnerability Note VU#516627
This vulnerability can be mitigated by disabling Active Scripting in the Internet Zone, as specified in the Securing Your Web Browser