PT-2010-4914 · Oracle +2 · Java SE +4

Published: 2010-10-13 · Updated: 2018-10-30 · CVE-2010-3553

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Oracle Java SE and Java for Business versions 6 Update 21, 5.0 Update 25, 1.4.2 27, and 1.3.1 28

Description

The issue affects the confidentiality, integrity, and availability of the system and can be exploited by remote attackers via unknown vectors. It is reportedly related to unsafe reflection involving the UIDefaults.ProxyLazyValue class in the Swing component.

Recommendations

For Oracle Java SE and Java for Business version 6 Update 21, update to a newer version to mitigate the risk.
For Oracle Java SE and Java for Business version 5.0 Update 25, update to a newer version to mitigate the risk.
For Oracle Java SE and Java for Business version 1.4.2 27, update to a newer version to mitigate the risk.
For Oracle Java SE and Java for Business version 1.3.1 28, update to a newer version to mitigate the risk.
As a temporary workaround, consider restricting access to the Swing component until a patch is available.

Exploit

Fix


Related identifiers

CVE-2010-3553
HPSBUX02608
RHSA-2010:0768
RHSA-2010:0770
RHSA-2010:0786
RHSA-2010:0865
RHSA-2010:0986
RHSA-2010:0987
RHSA-2010_0768
RHSA-2010_0865
RHSA-2010_0987
RHSA-2011:0169
RHSA-2011:0880
RHSA-2011_0169

Affected products

HP-UX
Java Platform
Java SE
Java for Business
Red Hat