There’s a demo of these problems, here.
The third, less serious hole is a Cookie path attribute problem if trusted sites support wildcard domains or the domain name contains a malicious site domain by using a maliciously crafted path attribute.
Users with Windows XP SP2 are not affected by the last problem. The solution is to disable cookies except when they’re needed, or to update to Windows XP SP2.
News source: TheInquirer