Mark Laurence has discovered a 6 year old vulnerability in Internet Explorer, which can be exploited by malicious people to spoof the contents of websites.

The vulnerability is caused due to Internet Explorer not checking if a target frame belongs to a website containing a malicious link, which therefore does not prevent one browser window from loading content in a named frame in another window.

Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.

Secunia has constructed a test, which can be used to check if your browser is affected by this issue:
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/

This vulnerability is similar to an old vulnerability fixed by MS98-020 in Internet Explorer versions 3 and 4.

The vulnerability has been confirmed in a fully patched Internet Explorer 6 and 7 running on Microsoft Windows XP. Other versions of Internet Explorer may also be affected.

NOTE: "Navigate sub-frames across different domains" is not enabled by default in IE7.

Solution
Disable the following security setting:
Further details available to Secunia VIM customers

Provided and/or discovered by
Discovered by Mark Laurence
Example by http-equiv

Changelog
Further details available to Secunia VIM customers

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers