The website of a European aeronautical parts supplier was infected with an exploit that uses an unpatched Windows vulnerability to execute malicious code on end users' computers, researchers from antivirus provider Sophos said.

The active exploit of an XML Core Services package in all supported versions of Windows, which Ars reported last week, allowed people to become infected simply by visiting the unnamed site using Microsoft's Internet Explorer browser. Researchers with the firm said the exploit was planted on the site by "cybercriminals" who first managed to compromise its security.

The vulnerability, which stems from an uninitialized variable, was discovered by researchers at Google when they noticed it was being exploited in targeted attacks. Around the same time, Google initiated a new service that alerts potential targets of state-sponsored attacks, and it was later reported that the XML attacks Google saw prompted the new warnings. Over the weekend, Sophos saw at least one other attack on the website of a European medical company. The latest attack may also be state-sponsored, Sophos researchers speculated Wednesday morning.

"We know that a hacker who manages to plant malicious code on the website of, say, a company which supplies aeronautical parts may reasonably predict that staff at a larger organization—such as an arms manufacturer or defense ministry—might have reason to access the site," they wrote in a blog post. "Once the hackers have placed their malicious code on the supplier's website, they would simply wait for notification that their code has run on either the big company's network or a larger supplier further up the chain."

Microsoft has provided a temporary fix for the vulnerability that all Windows users should apply whether or not they use IE as their browser of choice. Most antivirus products have added signatures to detect and block exploits of the flaw. The aeronautical parts supplier, which Sophos declined to name, has since removed the infection from its website.