A Security Response Center blog posting said that Microsoft will investigate the issue immediately.
The proof-of-concept code targets ADODB.Connection, a component of Microsoft's ActiveX software. There are no reports of the vulnerability being actively exploited by attackers.
The vulnerability could be embedded in a web page or email and could be exploited to cause a denial of service attack, according to the US Computer Emergency Readiness Team (US-Cert).
It is not clear whether an attacker could use the vulnerability to remotely execute code and install malware on a system.
US-Cert said that the vulnerability can be avoided by disabling ActiveX or the ADODB.Connection control. The organisation urges users to avoid clicking on unsolicited links.
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
'Notorious' Australian child hacker thought he had executed 'flawless' hack
The former employee says that Tesla fired him for bringing the accusations to management internally