Danish security company Secunia has upgraded a security warning on a flaw in Internet Explorer 6.0, to "extremely critical".
The flaw allows malicious code to be loaded onto the machines of Windows XP users, even though they may have installed the XP Service Pack 2 security software.
It opens a machine to hackers even though a user has not completed any action - they simply have to visit a web page containing the rogue code.
A demonstration of the vulnerability affecting users running Internet Explorer 6 with Windows XP SP2 installed is on the Secunia website ( secunia.com/internet_explorer_command_execution_vulnerability_test/).
Microsoft is working on developing a patch for the exploit.