Microsoft has issued warnings about a serious flaw in Internet Explorer that allows attackers to hijack a PC via the popular browser.
Clicking on the wrong webpage could have serious consequences
Security firm Sunbelt Software said the vulnerability was being actively exploited on some porn websites.
So far there is no fix to close the bug in the browsing program but Microsoft has issued advice about how to avoid falling victim.
It said it would patch the bug in its next security update due on 10 October.
Researcher Adam Thomas uncovered the exploit which revolves around the way that the Internet Explorer browser handles a particular form of graphics known as vector graphics.
A properly crafted webpage can exploit this problem and install almost anything they want on the target machine.
Tests by Sunbelt Software on a Windows machine patched with all the latest security updates showed attackers installing a huge amount of spyware and other malicious programs.
STAYING SAFE ONLINE
Install anti-virus software
Keep your anti-virus software up to date
Install a personal firewall
Use Windows updates to patch security holes
Do not open e-mail messages that look suspicious
Do not click on e-mail attachments you were not expecting
Any Windows PC suffering such an infection would become unusable.
Following the discovery of the bug, Microsoft issued a formal alert that tells users how to avoid falling victim while a patch is being prepared.
Microsoft said the patch would be ready for the next monthly security update on 10 October. However, it said it would release the patch earlier if the situation warrants it.
Warnings also followed from the US Computer Emergency Response Team and the Sans security organisation.
In its alert Cert said: "We are currently unaware of a practical solution to this problem."