[原文]Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
Microsoft IE Cross-domain Frame Injection Content Spoofing
Remote / Network Access
Loss of Integrity
Microsoft IE contain a flaw that may allow a malicious user to spoof the content of websites. The issue is triggered when arbitrary content is loaded from a malicious website in an separate frame in another browser window. It is possible that this flaw may allow content to load that appears to originate from a trusted site, resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.