InfoWorld: Security bug hits Microsoft Java virtual machine

“A bug in Microsoft’s Java virtual machine (JVM), a part of
Internet Explorer 4.0 and 5.0, could give hackers complete
of users’ Windows systems, a group of security experts
said Monday.

“The Princeton Secure Internet Programming team, in
collaboration with Drew Dean at Xerox PARC and Dan Wallach at Rice
University, discovered a security flaw in the versions of
Microsoft’s JVM that allows the creation of an attack applet that
is attached to a HTML page.

“Through the bug, a mobile code attack could be delivered over
the Web via Internet Explorer or by e-mail via Outlook or other
mail programs that use Microsoft’s Java virtual machine. When the
attack applet is executed, it can read, modify, or destroy any data
on the computer, insert a virus, insert software to spy on the
user’s future online activities, or take any other malicious

Complete story