The vulnerability could be exploited with specially crafted code. An attacker could spoof a legitimate Web site, access data from the Web browser's cache or stage a so-called man-in-the-middle attack, which taps into traffic between a user and another Web site, according to Klein's write-up.
Fully patched computers running Windows XP with Service Pack 2 and Internet Explorer 6.0 are vulnerable to this issue, security monitoring company Secunia said in an advisory. Secunia rates the problem as "moderately critical" but says people can avoid the risk by setting the security level in IE to "high."
Microsoft is investigating the vulnerability report, a company representative said in a statement. The software maker is not aware of any attacks that take advantage of the flaw, the representative said. Upon completion of the investigation, Microsoft may provide a security update or emergency fix.
Microsoft is unhappy about the way the problem was disclosed. The company urges security researchers to report flaws in its products privately so it can provide a fix. "This public disclosure potentially puts computer users at risk," the Microsoft representative said.
Over the last weeks, several security researchers have gone public with flaws in Internet Explorer, which is part of Windows. Some of these vulnerabilities could let an intruder take control of a user's PC. Microsoft initially planned to release at least one patch for Windows earlier this month but did not because of quality issues.
Secunia has published 86 security advisories on IE, of which 20 are currently marked "unpatched" in the Secunia database.