REDMOND, Wash., Dec. 23 (UPI) -- U.S. software giant Microsoft says a serious vulnerability in its Internet Explorer browser could allow attackers to take control of an unprotected computer.
Code to exploit the bug has already been published but Microsoft said it had no evidence it was currently being used by cybercriminals, the BBC reported Thursday.
The bug involves the way IE manages a computer's memory when processing Cascading Style Sheets that define the look and feel of pages on a Web site.
IE's memory management can be exploited to inject malicious code into the stream of instructions a computer processes as a browser is being used, experts say.
"As vulnerabilities go, this kind is the most serious as it allows remote execution of code," said Rik Ferguson, senior security analyst at Trend Micro. "This means the attacker can run programs, such as malware, directly on the victim's computer."
Microsoft is "investigating" the bug and working on a permanent fix, the company said in a statement.