The vulnerability is caused due to an input validation error when handling the "location" or "location.href" property of a window object. This can be exploited by a malicious website to e.g. open a trusted site and execute arbitrary script code in a user"s browser session in context of the trusted site.
- To company: Upgrade to IE7.
- To user: Switch to Firefox.