From the “Have you updated yet?” files:
Sun is out this week with a significant security update for Java SE 6. US-CERT warns that the Java vulnerabilities could potentially enable an attacker to execute arbitrary code or bypass authentication methods.
“A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio that is used by the Java Web Start ActiveX control may allow the Java Web Start ActiveX control to be leveraged to execute arbitrary code,” Sun’s advisory states. “This may occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability.”
It’s interesting to see how many third-party vendors were affected by the ATL issue. Adobe was also affected by the same issue.
Next page: The widespread ATL issue