CVE-2010-3555

Name of the Vulnerable Software and Affected Versions Oracle Java SE and Java for Business 6 Update 21

Description The issue affects the confidentiality, integrity, and availability of the system via unknown vectors. It is reported that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.

Recommendations For Oracle Java SE and Java for Business 6 Update 21, consider disabling the ActiveX Plugin as a temporary workaround until a patch is available. Restrict access to the Deployment component to minimize the risk of exploitation. Avoid using the vulnerable object field as a window handle in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.