The vulnerability affects the ActiveX component in Internet Explorer versions 5.01 and 6.0.
Microsoft confirmed that proof-of-concept attack code has been posted on the web, but claimed that it is not aware of any attacks actively exploiting the vulnerability.
The security firm posted an advisory on its site pinpointing the vulnerability to a memory corruption error in AcvtiveX's Microsoft Multimedia Controls. Secunia advised users to activate DirectX only when visiting trusted sites.
The SANS Internet Storm Center suggested that users could work around the vulnerability by modifying the daxctle.ocx file, or by setting Internet Explorer to prompt the user before executing ActiveX.
The Outlook family of programs could be vulnerable as well, but SANS noted that the program's default settings typically mitigate much of the potential risk.
The discovery of this latest Internet Explorer vulnerability comes just three days after Microsoft's monthly patch Tuesday release addressed vulnerabilities in Windows XP and Publisher.
Microsoft is investigating the vulnerability reports but is unable to say when a patch will be released.
'We are making good progress on 10nm,' claims Intel
Engineer calculates that Chengdu's plan to replace streetlights with artificial moonlight would cost $100bn
Research could also apply to other 'space weather' events involving hot, fast-moving plasma
Dark matter holds the Universe together - and gravitational waves could help identify it