If the flaw is exploited, launching spoof-based attacks, or accessing and changing data on vulnerable PCs may be possible.

The problem is related with the implementation of a JavaScript component. Internet Explorer does not validate some data fields provided by a PC when the component, called XmlHttpRequest, is used.

“An attacker could spoof a legitimate Web site, access data from the Web browser’s cache or stage a so-called man-in-the-middle attack, which taps into traffic between a user and another Web siteâ€?, security researcher Amit Klein wrote.

Computers running Windows XP SP2, and Internet Explorer 6 are vulnerable but the user can protect itself by setting the security level to “high� in IE.

Microsoft investigates this problem and stated through a representative that is unhappy about the manner of revealing it. The company urges security researchers to report problems in its products privately so it can provide a fix and not to put the user in danger.

There were several vulnerabilities discovered over the last weeks in Internet Explorer.

Secunia published on their website that Internet Explorer is affected by 86 flaws, Firefox by 24 flaws and Opera only by 8.

(Warning!) These flaws are marked as “unpatched”.