The firm warned that by exploiting all the vulnerabilities, attackers could remotely take over an SP2 machine when the user browses a web page.
The flaws identified by Finjan included bugs that could allow a hacker to remotely access local files; to switch between internet Explorer security zones to obtain access to the local security zone; or bypass SP2's notification mechanism for downloading and executing exe files, so files could be downloaded and executed without a warning to the user.
Finjan said it had been able to demonstrate a number of these vulnerabilities and had provided full technical details to Microsoft, but added it would not release details of the flaws to the public.
Microsoft said, "At this time, we cannot confirm Finjan's claims of '10 new vulnerabilities' in Windows XP SP2. Moreover, Microsoft is unaware of attacks against customers attempting to use the alleged vulnerabilities."
Windows XP Service Pack 2 is designed to deny access to a local file in the course of internet browsing. Any attempt by a remote web page to access a local file in any way other than downloading a file is denied.
According to Finjan, this feature can be compromised. It also said it is possible to elevate the privilege level of mobile code downloaded from the internet. By gaining additional privileges, the remote code could read, write and execute files on the user's hard drive, Finjan warned.