CVE-2010-1423

Name of the Vulnerable Software and Affected Versions Java versions 6 Update 10 through 6 Update 19

Description The issue allows remote attackers to execute arbitrary code via the -J or -XXaltjvm argument to javaws.exe, which is processed by the launch method. This is related to an argument injection vulnerability in the URI handler in the Java NPAPI plugin and Java Deployment Toolkit.

Recommendations For Java versions 6 Update 10 through 6 Update 19, update to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the javaws.exe executable to minimize the risk of exploitation. Avoid using the -J or -XXaltjvm arguments in the javaws.exe command until the issue is resolved.