PC Week: Microsoft addresses security flaw in its Java Virtual MachineSep 05, 1999, 20:09 (0 Talkback[s])
(Other stories by Antone Gonsalves)
"Microsoft Corp. has released a new version of its Java Virtual Machine that corrects a security flaw making it vulnerable to attack by an applet capable of destroying data on a person's PC, inserting a virus or performing other malicious actions."
"The flaw in the JVM distributed with Internet Explorer 4.0 and 5.0 allows an attack applet to operate outside the bounds set by the virtual machine's security 'sandbox.' ...applet can be attached to an HTML page delivered via the Web through IE or any e-mail programs using the JVM, including Microsoft Outlook. ...user could even activate the applet simply by viewing the Web page or e-mail message."