Sami Koivu

**Name of the Vulnerable Software and Affected Versions** Java Runtime Environment (JRE) for Sun JDK and JRE versions 6 Update 10 and earlier JDK and JRE 5.0 Update 16 and earlier SDK and JRE 1.4.2 18 and earlier **Description** The issue allows remote attackers to run untrusted applets and applications in a privileged context. This is demonstrated by deserializing Calendar objects, which can lead to untrusted applets and applications gaining privileges via unknown vectors related to deserializing calendar objects. **Recommendations** For Java Runtime Environment (JRE) for Sun JDK and JRE versions 6 Update 10 and earlier, update to a version later than Update 10. For JDK and JRE 5.0 Update 16 and earlier, update to a version later than Update 16. For SDK and JRE 1.4.2 18 and earlier, update to a version later than 1.4.2 18.