Java is vulnerable to privilege escalation. The vulnerability exists because of an information leak in the JRE. An untrusted applet or application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application.
blogs.sun.com/security/entry/advance_notification_of_security_updates6
java.sun.com/j2se/1.5.0/ReleaseNotes.html
java.sun.com/javase/6/webnotes/6u17.html
secunia.com/advisories/37386
security.gentoo.org/glsa/glsa-200911-02.xml
www.mandriva.com/security/advisories?name=MDVSA-2010:084
www.redhat.com/security/updates/classification/#important
access.redhat.com/errata/RHSA-2009:1584
bugzilla.redhat.com/show_bug.cgi?id=530173
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11484
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6906