Microsoft Security Advisory MS02-009 - A flaw in how VBScript is handled in IE relating to validating cross-domain access allows scripts of one domain to access the contents of another domain in a frame. A malicious user can exploit this vulnerability by using scripting to extract the contents of frames in other domains, then sending that content back to their web site. This would enable the attacker to view files on the user's local machine or capture the contents of third-party web sites the user visited after leaving the attacker's site. The latter scenario enables attackers to learn personal information like user names, passwords, and credit card information. Microsoft FAQ on this issue available here.
0f91c98cf38ca26e32abe4c063436cd307d46cf297f3bdc535e9b7ecf3de48a6