Taken from : GreyMagic Security Research ( http://sec.greymagic.com/news/ )

09-Sep-2002- Internet Explorer does it again. This time, sites that use frames or iframes are exposing their users to attacks. We discovered that it is possible for an attacker to execute script on any site that contains a frame or iframe element, ignoring any protocol or domain restriction set forth by Internet Explorer. This means that with little effort, an attacker is able to read local files, execute arbitrary programs, steal cookies, forge site content and more.

Read the rest Here