CVE-2010-3562

Name of the Vulnerable Software and Affected Versions Oracle Java SE and Java for Business versions 6 Update 21, 5.0 Update 25, 1.4.2 27, and 1.3.1 28

Description The issue affects the confidentiality, integrity, and availability of the system, allowing remote attackers to exploit it via unknown vectors. It is claimed by a reliable downstream vendor to be a double free vulnerability in IndexColorModel, which could lead to a denial of service (crash) and possibly the execution of arbitrary code.

Recommendations For Oracle Java SE and Java for Business version 6 Update 21, update to a version that includes the fix for this issue. For Oracle Java SE and Java for Business version 5.0 Update 25, update to a version that includes the fix for this issue. For Oracle Java SE and Java for Business version 1.4.2 27, update to a version that includes the fix for this issue. For Oracle Java SE and Java for Business version 1.3.1 28, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the 2D component until a patch is available.