The new bug could be used to launch code execution attacks. Microsoft acknowledged that the vulnerability, found by Andreas Sandblad of Secunia, is not just a successful exploit of the flawby Michal Zalewski.
It was originally believed that the flaw found by Sandblad was related to the one discovered by Zalewski, but a Microsoft representative confirmed that the two vulnerabilities are separate.
"During analysis, Secunia discovered a variant of this vulnerability," security company Secunia wrote on its Web site on Tuesday, referring to the bug found by Zalewski. The company confirmed the problem "on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2."
Both flaws could be used to corrupt a PC's memory if the computer's user can be tricked into visiting a malicious Web site, Secunia said.
Secunia added that Microsoft is working on a patch.