<meta property="og:description" content="I recently found on securityfocus mailinglist a bug in IE which can be exploited with a simple javascript code to spoof the address bar location... This allow attacker inject a malicious shockwave-flash application into Internet Explorer while it is display another URL (even trusted sites). The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 + Microsoft Windows XP SP2 and previous versions. Sample code: function pause(ms) { date = new Date(); var curDate = null; do { var curDate = new Date(); } while(curDate-date <meta name="twitter:description" content="I recently found on securityfocus mailinglist a bug in IE which can be exploited with a simple javascript code to spoof the address bar location... This allow attacker inject a malicious shockwave-flash application into Internet Explorer while it is display another URL (even trusted sites). The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 + Microsoft Windows XP SP2 and previous versions. Sample code: function pause(ms) { date = new Date(); var curDate = null; do { var curDate = new Date(); } while(curDate-date