It is possible to spoof the address in the IE 6 address bar, including the spoofing of https addresses. This is achieved through malicious scripting. Full exploit data is readily available.

Description:

It has been discovered that it is possible to spoof the address bar data in Internet Explorer 6 (for all versions of IE 6). This could allow a remote attacker to overwrite the actual site address with any information that they choose, effectively misleading the user into believing that they are on the legitimate site, when they are on the attacker's choice of site. Full exploit details are readily available.

Mitigation:

Consider disabling Active Scripting support and consider the use of an alternative Internet browser until Microsoft are able to release a patch for the issue.

Updates:

Not Yet Available

Source:

http://lcamtuf.coredump.cx/ietrap2/

Exploits:

http://lcamtuf.coredump.cx/ietrap2/

Not Yet Identified