Here is test to see an example of how this vulnerability can be exploited, and also to determine whether or not your browser is vulnerable: Internet Explorer 7 navcancl.htm Cross-Site Scripting Vulnerability – Secunia.
If you are vulnerable, text similar to this will appear:
The content of this page is controlled by the phisher, although the Address Bar displays http://www.google.com.
A phisher could easily have been spoofed this to look like a genuine Google page, or any other website like your bank or favorite shopping site, asking you to enter sensitive data (Credit card details, passwords and usernames, and so on).
See more here.