A sample exploit of the vulnerability was posted by hackers on the xsec.org Web site and it uses a similar method to a bug that Microsoft fixed last month.
Attackers have to trick users into viewing a maliciously encoded Web page, but they can then run unauthorised code on a victim's computer.
Symantec's Security Response team said that it has yet to see the code used in any attacks, although it has labelled the exploit as "critical".
Security outfit Secunia said its boffins could create a "fully working" exploit for the latest version of Windows XP running Internet Explorer 6. Windows 2000 users are also vulnerable.
More here. µ
Sign up for INQbot – a weekly roundup of the best from the INQ