The company disclosed the flaw Monday on its Web site and posted a patch intended to rectify the problem.
A Java Virtual Machine converts programs written in the Java language into machine code that computers can read. That lets programs run on many different computer systems--such as those using Apple Computer's Mac OS or Microsoft's Windows--without having to be rewritten for each operating system.
Sun Microsystems and AOL Time Warner's Netscape division issued similar alerts regarding the exploit. Netscape's Communicator browser comes with Sun's Java Virtual Machine. Netscape said it encouraged people to upgrade to the latest version of its software, which includes a plug-in from Sun that is not subject to the problem.
To exploit the flaw, a hacker would lure a person to a site where a malicious Java applet is running. In order for the exploit to work, the victim would have to have Internet Explorer configured to access Internet resources via a proxy server. The flaw would let a hacker view the information as it passes through the proxy server.
People whose browsers are not configured to use a proxy server, which includes most home users, are not at risk, Microsoft said.
Since the beginning of the year, the Redmond, Wash.-based company has placed a greater emphasis on the security of its software products, though analysts say that tangible results havein a significant way.