The vulnerability, discovered by SEC Consult, mean that attackers could cause the browser to unexpectedly exit and execute arbitrary code. Versions of IE affected by the flaw include IE 6.0 on Windows 2000 with Service Pack 1, 3 and 4, and on Windows XP with Service Pack 1 and 2.
"Microsoft is investigating a new public report of a vulnerability affecting Internet Explorer. We have not been made aware of any attacks attempting to use the reported vulnerability or customer impact at this time," Microsoft said on Thursday in an advisory. "But we are aggressively investigating the public report."
A patch for the flaw is not available. As an interim measure, the software giant advises people to set their Internet and local intranet security zone settings to "high" before running ActiveX controls.
The alert is part of a recently launched Microsoft program to confirm reports of security problems and provide a workaround until a fix is delivered.
The discovery of this latest IE flaw comes two weeks after Microsoft released several "critical" security patches, including one for IE. Those patches addressed vulnerabilities that allowed for remote execution of code.
One word... "Firefox" !