The vulnerability is caused by a condition in the loading of Macromedia Flash Format (.swf) files in browser windows. The flaw can then be exploited to show what appears to be a legitimate address bar, according to vulnerability monitoring firm Secunia.
The firm also provided a test for home users to see if their browsers have been affected by this flaw.
The flaw, called "moderately critical" by Secunia, was confirmed on a fully patched system with IE 6 and Windows XP Service Packs 1 and 2.
Users should disable active scripting support to avoid the flaw affecting their systems, according to Secunia.
Microsoft researchers have been working on a patch for a recently discovered createTextRange() flaw in IE. Company officials have hinted the fix will be a part of next week's Patch Tuesday release.
In January, Microsoft released a rare out-of-cycle patch for the much-hyped Windows Metafile (WMF) vulnerability, which received widespread media attention in the early days of this year.