Sun updates Java for Microsoft flaw
Sun is out this week with a significant security update for Java SE 6. US-CERT warns that the Java vulnerabilities could potentially enable an attacker to execute arbitrary code or bypass authentication methods.
"A security vulnerability in the Active Template
Library (ATL) in various releases of Microsoft Visual Studio that is
used by the Java Web Start ActiveX control may allow the Java Web Start
ActiveX control to be leveraged to execute arbitrary code," Sun's advisory states. "This may
occur as the result of a user of the Java Runtime Environment viewing a
specially crafted web page that exploits this vulnerability."