Microsoft is warning that exploit code could exist for an unpatched flaw in Internet Explorer.
In an advisory it is warning of a flaw in its DDS Library Shape Control software, which is used by components such as Visual Studio. Any browser viewing a specially crafted web page could be crashed in such a way as to allow a hacker to insert and run code on the user's PC.
"COM objects that are not ActiveX controls may cause unexpected results, such as crashing Internet Explorer. The Microsoft DDS Library Shape Control COM object crashes in a way that can be exploited to execute arbitrary code on a vulnerable system."
The DDS Library Shape Control software is not included in Microsoft software automatically, but forms a part of Microsoft Visual Studio .NET 2002, Microsoft Visual Studio .NET 2003, Microsoft Office Professional 2003 and Microsoft Office XP.
Microsoft has criticised the way this vulnerability has been published without giving it time to develop a patch. French security researchers FrSIRT discovered the vulnerability in response to an anonymous tip-off.
"Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk," said the company in a statement.
"We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests."
It has included five possible workarounds for the flaw in the advisory and is developing a patch for the problem.
Robot can assemble Ikea furniture in under 10 minutes - several hours less than the average human
Researchers claim to be one step closer to developing flexible screen televisions, tablets and phones
Thanks to the creation of an ultrafast, nanoscale transistor
The 'first demonstration' of a scalable method for manufacturing graphene
Lifted off on a SpaceX Falcon 9 rocket today following postponement on Monday