A vulnerability in IE7 allows for websites to modify the location of another frame in another window by setting the location to an object instead of a string.This could lead to malicious sites loading content into frames of legitimate sites.
An input validation vulnerability in IE6 could result in the execution of arbitrary script code. This is due to errors in the handling of properties of a window object. Users should upgrade to IE7 as it is not affected by this vulnerability.