An Israeli security researcher performed a demonstration on Wednesday exposing a critical Internet Explorer 7 flaw that allows phishers to launch attacks on unaware users.

The attack can be launched because of a IE7 flaw in a local resource that displays a notification when a user cancels navigating to a already typed web address. The IE7 flaw can be exploited by forging trusted websites and serving a user with a fake one instead with a genuine website. 

Fake landing pages can look genuine but they are forged to collect login credentials and other sensitive information. The issue is classified as cross-site scripting and has become the most propagated style of vulnerabilities in the last months. Flaws like this are often used by phishing criminals to launch aggressive attacks that aim at stealing information.

Microsoft security engineers are currently working on the issue but there has been no evidence so far that the flaw has been exploited maliciously