Sun Java Deployment Toolkit Plugin and ActiveX Control Vulnerability

The Sun Java Development Toolkit plugin and ActiveX control contain a vulnerability. This vulnerability is due to insufficient argument validation. By convincing a user to visit a specially crafted HTML document, an attacker may be able to exploit this vulnerability and execute an arbitrary JAR file on the affected system.

US-CERT encourages users and administrators to review US-CERT Vulnerability Note VU#886582 and implement any necessary workarounds to help mitigate the risk until a fix is available from the product vendor.

US-CERT will provide additional information as it becomes available.