Java is vulnerable to arbitrary code execution. The vulnerability exists because potential information leaks were found in various mutable static variables. These leaks could be exploited in application scenarios that execute untrusted scripting code.
blogs.sun.com/security/entry/advance_notification_of_security_updates6
java.sun.com/j2se/1.5.0/ReleaseNotes.html
java.sun.com/javase/6/webnotes/6u17.html
secunia.com/advisories/37386
security.gentoo.org/glsa/glsa-200911-02.xml
www.mandriva.com/security/advisories?name=MDVSA-2010:084
www.redhat.com/security/updates/classification/#important
access.redhat.com/errata/RHSA-2009:1584
bugzilla.redhat.com/show_bug.cgi?id=530175
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10191
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6968