Security vendor ESET says it has detected a real-life exploit for a vulnerability that's been part of Windows for nearly two decades.

Microsoft recently fixed a Windows vulnerability that's exploitable through Internet Explorer. The vulnerability has been present since Windows 95, and the addition of VBScript to Internet Explorer made it remotely exploitable, despite the Enhanced Protection Mode sandbox in version 11, or the use of Microsoft's Enhanced Mitigation Experience Toolkit.

Because such vulnerabilities are so rare, this one was dubbed Unicorn by its discoverer, IBM's X-Force Research team.

Now security vendor ESET says it has detected the use of this vulnerability on a compromised page on a Bulgarian web site that Alexa ranks as one of the most visited sites in Bulgaria and one of the top 11,000 globally.

The company warns that the attack code - which is based on a proof of concept produced by a Chinese researcher - downloads and executes known malware.

ESET Research staff suggest that the presence of the code on just one of the site's pages could indicate that it is still being tested by the miscreants.

"It was only a matter of time before we started seeing this vulnerability actively used as part of a cybercriminal campaign," they said.

"Scouring our data, we found several blocked exploitation attempts while our users were browsing a major Bulgarian website.

"As you might have guessed, the compromised website was using CVE-2014-6332 to install malware on the computers of its unsuspecting visitors."

The solution: apply the patch to still-supported versions of Windows, and stop using older ones online. (That said, a comment on the IBM page about the discovery of the vulnerability suggests it may be possible to patch Windows XP by having it pose as Windows Embedded POS Ready 2009.)