PC Week: Microsoft addresses security flaw in its Java Virtual Machine

“Microsoft Corp. has released a new version of its Java Virtual
Machine that corrects a security flaw making it vulnerable to
attack by an applet capable of destroying data on a person’s PC,
inserting a virus or performing other malicious actions.”

“The flaw in the JVM distributed with Internet Explorer 4.0
and 5.0 allows an attack applet to operate outside the bounds set
by the virtual machine’s security ‘sandbox.’
…applet can be
attached to an HTML page delivered via the Web through IE or any
e-mail programs using the JVM, including Microsoft Outlook. …user
could even activate the applet simply by viewing the Web page or
e-mail message.”