Exploit now publicly available for unpatched IE flaw

24.03.2006
An exploit has become publicly available for a newly disclosed critical -- and as yet unpatched -- vulnerability in Microsoft Corp.'s Internet Explorer Web browser.

The exploit, which has been posted on several Internet sites, gives even relatively novice hackers an easy way to take advantage of a flaw in the way IE processes information using the createTextRange() method, according to Secure Elements Inc., a Herndon, Va.-based security firm.

"It's just a matter of time before the exploit gets turned into a virus or a worm" capable of creating considerable damage on unprotected systems, said Scott Carpenter, director of security labs at Secure Elements.

"The most probable vector for this worm will be in the form of an e-mail with malicious links that will tempt users into clicking on a link that takes them to a Web site" from which malicious code can be downloaded, he said.

According to Carpenter, the exploit code was originally released by a hacker group known as Unl0ck.net and has since been published on various sites.

The public availability of that exploit code prompted the SANS Internet Storm Center to raise its alert level to Yellow from the normal Green for the next 24 hours.