A vulnerability found in Microsoft's Internet Explorer allows hackers to track the movements of your mouse cursor across the screen, which could in turn reveal data entered on virtual keyboards.

Virtual keyboards and keypads can be used to reduce the chance of a keylogger recording every keystroke and therefore being able to "read" your passwords. However Spider.io discovered that Internet Explorer versions 6 to 10 make it possible for your mouse cursor to be tracked anywhere on screen, even if the IE tab is minimized. You can see a video demonstration of the vulnerability embedded in this post, or you can try it yourself at this link (provided you are browsing with IE).

This particular vulnerability is of concern, because if you use Internet Explorer your mouse movements can be recorded even if you never install any software. A hacker simply needs to buy a display advertising placement on any webpage you visit. As long as the tab with the ad remains open, mouse movements can be tracked.

The analytics company disclosed the vulnerability to Microsoft back in October, but has now gone public. The Microsoft Security Research Centre recognizes that there is a vulnerability but has said that there are no immediate plans to patch it. Spider.io says that a number of Web analytics companies are already making use of this ability to track cursor movements.

In order to glean any meaningful information from this attack, any hacker would need to know what website or application the user was using, where they were positioned on screen already and the layout of the site. The site would also need to use an onscreen keypad or keyboard to enter sensitive information—something that ING Direct's online banking service uses.

This post originally appeared on Wired UK.