Hackers have discovered a new vulnerability in Internet Explorer, and they've released code that could be used to attack users of Microsoft Corp.'s popular browser. The vulnerability is similar to a bug that Microsoft patched last month in a multimedia component of Internet Explorer, according to Vincent Hwang, a group product manager with Symantec's Security Response team. Though a sample exploit of the vulnerability was posted Wednesday by hackers on the xsec.org Web site, Symantec has yet to see the code used in any attacks, according to Hwang.
To take advantage of the exploit code, attackers would first need to trick users into viewing a maliciously encoded Web page, but they could then run unauthorized code on a victim's computer. It is unclear right now which versions of Windows and Internet Explorer are affected by the vulnerability. Researchers at Secunia said they were able to create a "fully working" exploit for the latest version of Windows XP running Internet Explorer 6. Windows 2000 users are also vulnerable, Secunia said. Microsoft security researchers were unavailable to comment on the issue, but a spokesman for the company's public relations agency said that the matter was under investigation.