The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote malicious users to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote malicious users to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun jre 6 |