Microsoft's Security Response Center has acknowledged the appearance of proof-of concept code for a vulnerability in Internet Explorer 7.

A Security Response Center blog posting said that Microsoft will investigate the issue immediately.

The proof-of-concept code targets ADODB.Connection, a component of Microsoft's ActiveX software. There are no reports of the vulnerability being actively exploited by attackers.

The vulnerability could be embedded in a web page or email and could be exploited to cause a denial of service attack, according to the US Computer Emergency Readiness Team (US-Cert).

It is not clear whether an attacker could use the vulnerability to remotely execute code and install malware on a system.

US-Cert said that the vulnerability can be avoided by disabling ActiveX or the ADODB.Connection control. The organisation urges users to avoid clicking on unsolicited links.