(from Oregon State Enterprise Newsletter 2/23/05) A security researcher has discovered a weakness in Internet Explorer/Outlook Express, which can be exploited to trick users into visiting a malicious web site by obfuscating URLs. It is by default possible for script code to manipulate information displayed in the status bar. However, an error allows manipulation of the status bar without using any script code (e.g. in the "Restricted sites" zone). This can be exploited by including a "label" tag for a link, which manipulates the link's appearance via some specially crafted HTML code.
More info at: Secunia