A Security Response Center blog posting said that Microsoft will investigate the issue immediately.
The proof-of-concept code targets ADODB.Connection, a component of Microsoft's ActiveX software. There are no reports of the vulnerability being actively exploited by attackers.
The vulnerability could be embedded in a web page or email and could be exploited to cause a denial of service attack, according to the US Computer Emergency Readiness Team (US-Cert).
It is not clear whether an attacker could use the vulnerability to remotely execute code and install malware on a system.
US-Cert said that the vulnerability can be avoided by disabling ActiveX or the ADODB.Connection control. The organisation urges users to avoid clicking on unsolicited links.
Japanese researchers develop a flexible screen worn on the skin that they claim can monitor patients' heart rate and other vitals
ZenFone 5 Pro appears to boast a Snapdragon 845 SOC, an Adreno 630 GPU and 6GB of RAM
Pilot project will serve 300 homes to start with
The IoT faces significant compatibility challenges, which could be avoided for blockchain by adopting Hyperledger