Microsoft's Internet Explorer browser crashes when attacked through a new unpatched vulnerability, security companies warned Friday.

The zero-day bug occurs within the "mshtml" library when a malformed HTML tag with an abnormally large number of script handlers is fed to the browser. According to the researcher who posted the initial description to the Bugtraq security mailing list, attackers can easily crash IE by flooding its buffer.

The researcher, Michal Zalewski, also released proof-of-concept code that crashes the latest IE release on a fully-patched edition of Windows XP SP2.