Researchers at Secunia have discovered a second security flaw in IE7 . This new vulnerability allows a Web site to display a pop-up that can contain a spoofed Web address, allowing an attacker to exploit this weakness by tricking people into believing they are on a trusted Web site when in fact they are viewing a malicious page.
Microsoft confirms howevet than an won’t work if a Web site is known to be part of a phishing scam. The IE 7 phishing shield will identify such sites and warn the user.
Secunia have created a test page demonstrating this weakness.