JRE unpack200 is vulnerable to privilege escalation. An integer overflow flaw was found in the JRE unpack200 functionality. An untrusted applet or application could use this flaw to extend its privileges, allowing it to read and write local files and to execute local applications with the privileges of the user running the applet or application.
blogs.sun.com/security/entry/advance_notification_of_security_updates5
labs.idefense.com/intelligence/vulnerabilities/display.php?id=814
lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
marc.info/?l=bugtraq&m=125787273209737&w=2
secunia.com/advisories/36162
secunia.com/advisories/36176
secunia.com/advisories/36180
secunia.com/advisories/36199
secunia.com/advisories/36248
secunia.com/advisories/37300
secunia.com/advisories/37386
secunia.com/advisories/37460
security.gentoo.org/glsa/glsa-200911-02.xml
sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
sunsolve.sun.com/search/document.do?assetkey=1-66-263488-1
www.mandriva.com/security/advisories?name=MDVSA-2009:209
www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
www.redhat.com/security/updates/classification/#important
www.securityfocus.com/archive/1/507985/100/0/threaded
www.us-cert.gov/cas/techalerts/TA09-294A.html
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/2543
www.vupen.com/english/advisories/2009/3316
www.zerodayinitiative.com/advisories/ZDI-09-049/
access.redhat.com/errata/RHSA-2009:1201
exchange.xforce.ibmcloud.com/vulnerabilities/52307
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10840
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8415
rhn.redhat.com/errata/RHSA-2009-1199.html
rhn.redhat.com/errata/RHSA-2009-1200.html
rhn.redhat.com/errata/RHSA-2009-1201.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html