CVE-2010-3569

Name of the Vulnerable Software and Affected Versions Java SE versions 5.0 Update 25, 6 Update 21, and 1.4.2 27 Java for Business versions 5.0 Update 25, 6 Update 21, and 1.4.2 27

Description The issue affects confidentiality, integrity, and availability. It is reported that remote attackers can exploit this issue via unknown vectors. There are claims that this issue allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.

Recommendations For Java SE versions 5.0 Update 25, 6 Update 21, and 1.4.2 27, update to a version that contains the fix for this issue. For Java for Business versions 5.0 Update 25, 6 Update 21, and 1.4.2 27, update to a version that contains the fix for this issue. As a temporary workaround, consider restricting access to the Serialization API until a patch is available.