CVE-2010-4465

Name of the Vulnerable Software and Affected Versions Java Runtime Environment (JRE) versions 6 Update 23 and earlier Java Runtime Environment (JRE) versions 5.0 Update 27 and earlier Java Runtime Environment (JRE) versions 1.4.2 29 and earlier

Description The issue affects confidentiality, integrity, and availability via unknown vectors related to Swing. It allows remote untrusted Java Web Start applications and untrusted Java applets to exploit the vulnerability. There are claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."

Recommendations For Java Runtime Environment (JRE) versions 6 Update 23 and earlier, update to a version later than Update 23. For Java Runtime Environment (JRE) versions 5.0 Update 27 and earlier, update to a version later than Update 27. For Java Runtime Environment (JRE) versions 1.4.2 29 and earlier, update to a version later than 1.4.2 29. As a temporary workaround, consider restricting access to Swing and clipboard functionality in untrusted Java applets until a patch is available.