Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448
https://exchange.xforce.ibmcloud.com/vulnerabilities/17652
https://exchange.xforce.ibmcloud.com/vulnerabilities/17651
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038