The host is installed with Sun JDK or JRE 6 Update 10 or earlier, 5.0 Update 16 or earlier or 1.4.2_18 or earlier and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allows attackers to cause local files to be displayed in the browser of the user of the untrusted application.