A recently discovered security hole in Internet Explorer 6, and possibly earlier versions as well, means that users can easily be fooled into downloading what appear to be safe files but could in fact be anything at all, a trojan virus for example.

Combine that vulnerability with an earlier one which has not been fixed, whereby a user can be similarly fooled into going to a website which looks genuine but isn't, and you've got a massive flaw leaving many totally exposed.

Microsoft failed to add suitable patches for the vulnerabilities in its January updates and many believe that the holes cannot be fixed. In other words, at any time you could be visiting a spoof site and downloading spoof files without ever knowing.

Source