Sun Microsystems, Inc. Information for VU#886582

Java Deployment Toolkit insufficient argument validation

Status

Affected

Vendor Statement

Oracle has released the following Security Alert:
http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html
which provides more details about the fixes for these issues.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

This issue is addressed in Java 1.6.0_20. Please see the release notes for more details. This update provides new versions of the Java Deployment Toolkit ActiveX control and plug-in. The update also sets the kill bit for the vulnerable version of the ActiveX control.

If you have feedback, comments, or additional information about this vulnerability, please send us email.