Updated: April 19, 2010
Statement Date: April 15, 2010
Affected
Oracle has released the following Security Alert: http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html which provides more details about the fixes for these issues.
The vendor has not provided us with any further information regarding this vulnerability.
This issue is addressed in Java 1.6.0_20. Please see the release notes for more details. This update provides new versions of the Java Deployment Toolkit ActiveX control and plug-in. The update also sets the kill bit for the vulnerable version of the ActiveX control.