Microsoft IE 'createTextRange' Remote Execution Vulnerability Published

Publishing Exploit Was "Irresponsible" Says Security Expert

"The irresponsibility of releasing such a dangerous exploit will require systems administrators to take drastic action to protect their systems. When vulnerable home systems are added into the equation, Internet Explorer users can expect a virus or worm in the very near future," said Scott Carpenter, director of security labs at Secure Elements, when he heard that an exploit has been published for a vulnerability found in Microsoft Internet Explorer 6.x which could be used by attackers to run arbitrary code on target systems.

The flaw is due to an error when processing a "createTextRange()" call related to control objects.

"The most probable vector for this worm will be in the form of spam with malicious links that will tempt users into clicking on a link that takes them to a malicious web site," Carpenter commented. "While security researchers attempted to not disclose the actual exploit code for the vulnerability, an exploit has already been published on multiple Internet sites that can be used by anyone with even a small amount of computer skills to create a seriously damaging virus or worm," he continued.

Engineers within Secure Elements' Security Labs, Carpenter said, have classified the severity of this vulnerability as "10," meaning that the vulnerability is remotely exploitable and the exploit has been released. The Secure Elements Security Lab engineers are not aware of any official patches released by Microsoft for this vulnerability. As a workaround, Secure Elements recommends disabling Active Scripting in Internet Explorer.

More Stories By Security News Desk

SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

Most Recent Comments
Jeff 04/01/06 12:24:18 PM EST

Well....I came to this site to get the IE fix download. Where the !!!! is it. Only see news stories. How about some guidance to the free download. If ya can't find stuff on this site....I won't be back.

IE6x 03/24/06 03:29:00 AM EST

Nasty!