The host is installed with Oracle Java SE 5.0 before update 22 or 6 before update 17 and is prone to denial of service vulnerability. A flaw is present in the applications, which does not properly handle a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file. Successful exploitation allows remote attackers to cause a denial of service.