Microsoft is warning that exploit code could exist for an unpatched flaw in Internet Explorer.
In an advisory it is warning of a flaw in its DDS Library Shape Control software, which is used by components such as Visual Studio. Any browser viewing a specially crafted web page could be crashed in such a way as to allow a hacker to insert and run code on the user's PC.
"COM objects that are not ActiveX controls may cause unexpected results, such as crashing Internet Explorer. The Microsoft DDS Library Shape Control COM object crashes in a way that can be exploited to execute arbitrary code on a vulnerable system."
The DDS Library Shape Control software is not included in Microsoft software automatically, but forms a part of Microsoft Visual Studio .NET 2002, Microsoft Visual Studio .NET 2003, Microsoft Office Professional 2003 and Microsoft Office XP.
Microsoft has criticised the way this vulnerability has been published without giving it time to develop a patch. French security researchers FrSIRT discovered the vulnerability in response to an anonymous tip-off.
"Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk," said the company in a statement.
"We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests."
It has included five possible workarounds for the flaw in the advisory and is developing a patch for the problem.
Double legal trouble for Musk as he also faces civil lawsuit over renewed British pot-holer 'paedo' claims
Battery development could help boost performance of smartphones
Topological photonic chips promise a more robust option for scalable quantum computers
In quantum physics both the chicken and the egg can come first, claim University of Queensland researchers
Cause-and-effect is not always straightforward in quantum physics