[原文]Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. NOTE: this issue is very similar to CVE-2004-1104, although the manipulations are slightly different.
Microsoft IE Crafted Elements Status Bar URL Spoofing
Remote / Network Access
Loss of Integrity
Microsoft Internet Explorer contains a flaw related to the information displayed in the status bar that may allow an attacker to spoof the information in the status bar when a user mouse overs a link. The user might be tricked into believing the link leads to a different page leading to potential phishing attack.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.