A new Explorer hole will make online scam artists' lives even easier by allowing them to make a fake website look more like the real thing than ever before.
The vulnerability lets an attacker display any website they wish while Explorer's address bar shows a trusted Web address, even with the SSL security icon displayed.
It could result in more sophisticated phishing scams, where spam and Web pages that look like legitimate e-commerce sites are used to steal sensitive information such as user names, passwords and credit card numbers.
The problem was discovered by a security researcher from the Greyhats Security Group and reported late last week by Secunia. The vulnerability lies in an ActiveX control in Explorer and has been found to affect version 6.0 of the browser running on Windows XP SP2 - so no one using Explorer and Windows is in the clear.
Microsoft is investigating the report, a company spokeswoman said Friday. "We have not been made aware of any attacks attempting to use the reported vulnerabilities or customer impact at this time, but we are aggressively investigating the public reports," she said.
Meanwhile, Secunia suggests users protect themselves by disabling ActiveX or setting Explorer's security level to "high" for the Internet zone.