Quote:
A new security vulnerability has been reported that affects the ByteCode Verifier component of the Microsoft VM. It occurs because the ByteCode verifier does not correctly look for certain malicious code when a Java applet is being loaded. The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet and inserting it into a Web page that would exploit this vulnerability when it was opened.
I finally got a chance to read through the bulletins. This doesn't sound like luring, this sounds like someone could simply write malicious code in an applet, then stick it on a page. I didn't know that this was done through java, I could decompile a malicious class and check it out.