Argument injection vulnerability in the URI handler in (a) Java NPAPI
plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other
versions, when running on Windows and possibly on Linux, allows remote
attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm
argument to javaws.exe, which is processed by the launch method. NOTE:
some of these details are obtained from third party information.