"Exploit code for a new flaw in Internet Explorer could put systems at risk of remote attack, security experts warned Monday."

The exploit code, made public Monday, aims to take advantage of the "extremely critical" vulnerabilities in IE 5.5 and IE 6 running on XP Service Pack 2 (SP2), and IE 6 running on Windows 2000 SP4, security researcher Secunia said in advisory.

Once a PC user is tricked into visiting a malicious Web site, the exploit can be triggered automatically, without the user doing anything.

"An attacker could use the exploit to run any code they want to on a person's system," said Thomas Kristensen, Secunia's chief technology officer. "It could be they want to launch some really nasty code on a user's system."

The flaw lies in a Javascript component of IE used for loading Web pages onto a computer, according to an advisory from SANS Internet Storm Center.

Microsoft has not released a patch for the hole exploited by the code. People can attempt to work around the problem by either shutting off Javascript or using another type of browser, security companies advised.

Security researchers said the IE vulnerability has been known for the past six months, ... Read the rest of the story