“The flaw could allow a Java applet to wreak havoc on a system
if the user simply views a Web page or e-mail message. The security
hole allows hackers to create an attack applet that is attached to
an HTML page and delivered to Java Virtual Machines that have
Internet Explorer and Outlook built into them.”
“Such an attack applet could read files, change content, make
network connections, set up a listening station, or do other
actions when it launched, says Gary McGraw, vice president of
corporate technology at Reliable Software Technologies. McGraw has
worked with the Princeton team on other security matters.
” ‘It’s Melissa on steroids’ by taking control of a victim’s
computer and performing any kind of action, he says.”
” ‘It’s pure luck that the major flaws in Java haven’t run wild’
yet, McGraw says. Attack applets are the worst kind of Java flaw,
and like other mobile code, the risks are serious, he says.”