InfoWorld: Security bug hits Microsoft Java virtual machineSep 01, 1999, 02:11 (4 Talkback[s])
(Other stories by Matthew Nelson)
"A bug in Microsoft's Java virtual machine (JVM), a part of Internet Explorer 4.0 and 5.0, could give hackers complete control of users' Windows systems, a group of security experts said Monday.
"The Princeton Secure Internet Programming team, in collaboration with Drew Dean at Xerox PARC and Dan Wallach at Rice University, discovered a security flaw in the versions of Microsoft's JVM that allows the creation of an attack applet that is attached to a HTML page.
"Through the bug, a mobile code attack could be delivered over the Web via Internet Explorer or by e-mail via Outlook or other mail programs that use Microsoft's Java virtual machine. When the attack applet is executed, it can read, modify, or destroy any data on the computer, insert a virus, insert software to spy on the user's future online activities, or take any other malicious action."