1. Summary

- The vulnerability was reported that Sun Java Deployment Toolkit could allow remote code execution due to lack of suitable verification for its command-line parameter.
- Attacker could build malicious websites and induce users to visit the site page for executing malicious file through shared network.
- A malicious code that related this vulnerability was reported but currently, the security update for this vulnerability has not been released, thus please do not visit the untrusted websites.
- If you are an Internet Explorer user, you can block the ActiveX control execution on Internet Explorer by setting "kill bit" option for Java Deployment Toolkit ActiveX control's CLSID "CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA".

2. Affected Software

- Java SE 6 update 10 or above version on Microsoft Windows system

3. Solution

- For more information, please refer to MS provided document.
(How to stop an ActiveX control from running in Internet Explorer

http://support.microsoft.com/kb/240797