Danish vulnerability tracker Secunia, which ranked the flaw as -- the middle threat level in its five-step system -- also said that hackers could exploit the bug to compromise a PC.

"Successful exploitation may allow execution of arbitrary code," warned Secunia.

Secunia added that a buffer overflow could be triggered by sending a too-long Server Name string in a malformed Browser Election Request packet. In this context, "browser" does not mean a Web browser, but describes other Windows components which access the OS' browser service.

Vupen confirmed that Windows XP Service Pack 3 (SP3) and Windows Server 2003 SP2 are vulnerable to attack, while Secunia reported that other versions of Windows may also be affected.

Cupidon-3005 taunted Microsoft in a message posted to the security mailing list. "Apologies if this puts a downer on the MSRC valentines day sausage fest," the message read.