Updated:  April 19, 2010

Statement Date:   April 15, 2010

Status

Affected

Vendor Statement

Oracle has released the following Security Alert: http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html which provides more details about the fixes for these issues.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

This issue is addressed in Java 1.6.0_20. Please see the release notes for more details. This update provides new versions of the Java Deployment Toolkit ActiveX control and plug-in. The update also sets the kill bit for the vulnerable version of the ActiveX control.