Bug Found in Microsoft's Java Machine

A bug was found in Microsoft's Java Machine this week that allows a potential hacker to steal files from Web visitors by using an embedded Java applet, and a single line of code. This bug affects users running Internet Explorer versions 4, 5, and 5.01 that have the Microsoft Java Machine activated.

By inserting a single line of code into a Java applet embedded into a Web page, a malicious host can make the applet read certain files on the users computer and transfer them to a Web server, or forward them as e-mail attachments.

The discoverer, Dr. Hiromitsu Takagi of the Japanese Ministry of International Trade and Industry, knows that this bug is very serious because "attacking applets can be implemented too much easily." He recommends that users turn off the Java Virtual Machine for now, until Microsoft releases a patch for the problem.