A Security Response Center blog posting said that Microsoft will investigate the issue immediately.
The proof-of-concept code targets ADODB.Connection, a component of Microsoft's ActiveX software. There are no reports of the vulnerability being actively exploited by attackers.
The vulnerability could be embedded in a web page or email and could be exploited to cause a denial of service attack, according to the US Computer Emergency Readiness Team (US-Cert).
It is not clear whether an attacker could use the vulnerability to remotely execute code and install malware on a system.
US-Cert said that the vulnerability can be avoided by disabling ActiveX or the ADODB.Connection control. The organisation urges users to avoid clicking on unsolicited links.
New Internet Explorer flaw emerges
By Shaun Nichols on Oct 31, 2006 9:50AM