How do we fix this problem?

A vulnerability has been identified in Internet Explorer, which can be

exploited by malicious people to display a fake URL in the address and

status bars.

The vulnerability is caused due to an input validation error, which
can be
exploited by including the "%01" and "%00" URL encoded representations
the username and right before the "@" character in an URL.

Successful exploitation allows a malicious person to display an
FQDN (Fully Qualified Domain Name) in the address and status bars,
which is
different from the actual location of the page.

This can be exploited to trick users into divulging sensitive
information or
download and execute malware on their systems, because they trust the
domain in the two bars.

Example displaying only "" in the two bars
the real domain is "":