java update

If an attacker can entice a user to visit an attacker controlled web page, the vulnerable ActiveX control could be invoked to download an attacker-modified package.

The flaw occurs because the Java-Plugin Browser is running "javaws.exe" without validating command-line parameters.

Adobe is suggesting that users configure its PDF Reader product to limit the damage from an attack.