source: https://www.securityfocus.com/bid/10689/info
A vulnerability exists in Microsoft Internet Explorer that may allow cross-domain/cross-zone scripting.
It is reported that the vulnerability presents itself due to a failure to properly validate trust relationships between method calls that are made in separate Internet Explorer windows. This may make it possible for script code to access properties of a foreign domain or Security Zone.
Exploitation may permit execution of arbitrary code as the victim user.
The following example was provided:
;
This will reportedly generate two alerts describing the assign().