Java JRE deploytk.dll ActiveX Control Multiple BOF Vulnerabilities

Summary
The host has the Java JRE Deployment Toolkit ActiveX control (deploytk.dll) installed and is prone to multiple buffer overflow vulnerabilities.
Impact
An attacker may exploit these issues to launch a JRE installation, execute arbitrary script code on the victim's system, or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Sun Java JRE version 6 Update 20 or later. For updates refer to http://java.sun.com
Workaround: Set the kill bit for the CLSID {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} as described in http://support.microsoft.com/kb/240797
Insight
Multiple buffer overflows are due to:
- An error in the deploytk.dll control while processing the setInstallerType, setAdditionalPackages, compareVersion, getStaticCLSID and launch methods.
- An error in the installLatestJRE and installJRE methods of the deploytk.dll control, which can allow an attacker to launch JRE installation processes.
- An error in the launch method, which can cause script code execution via a .jnlp URL.
Affected
Sun Java JRE version 6 Update 1 to 6 Update 13 and prior
Sun Microsystems deploytk.dll version 6.0.130.3 and prior
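The following PowerShell script is an added example, not part of the original advisory: it checks whether the registered deploytk.dll falls in the affected version range listed above and audits (or, with $Apply set, applies) the kill-bit workaround from the Solution section. It assumes an elevated PowerShell session, the ActiveX Compatibility registry layout described in KB240797, and that the DLL's FileVersion string parses as a dotted version; the CLSID and the 6.0.130.3 cutoff are taken from the advisory.

```powershell
# Added example, not the advisory's own code. Assumptions: elevated PowerShell,
# registry layout per KB240797, deploytk.dll FileVersion parses as a [version].
$Clsid        = '{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}'   # from the advisory
$LastAffected = [version]'6.0.130.3'   # deploytk.dll versions <= this are affected
$KillBitFlag  = 0x400                  # COMPAT_EVIL_DONT_LOAD, the IE kill bit
$Apply        = $false                 # $true sets the kill bit, $false audits only

# 64-bit IE reads the first key; 32-bit IE on 64-bit Windows reads the Wow6432Node key.
$CompatKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
)

function Get-CompatFlags([string]$Key) {
    if (-not (Test-Path $Key)) { return 0 }
    $v = (Get-ItemProperty -Path $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $v) { return 0 } else { return [int]$v }
}

function Test-KillBit([string]$Key) {
    return ((Get-CompatFlags $Key) -band $KillBitFlag) -eq $KillBitFlag
}

function Set-KillBit([string]$Key) {
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    # OR the bit in so that any other compatibility flags already present are preserved.
    $new = (Get-CompatFlags $Key) -bor $KillBitFlag
    New-ItemProperty -Path $Key -Name 'Compatibility Flags' -PropertyType DWord -Value $new -Force | Out-Null
}

# 1. Is the control registered, and which deploytk.dll does the registration point to?
$server = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
if (Test-Path $server) {
    $dll = (Get-ItemProperty -Path $server).'(default)'
    $ver = [version](Get-Item $dll -ErrorAction Stop).VersionInfo.FileVersion
    $state = if ($ver -le $LastAffected) { 'AFFECTED (upgrade to JRE 6 Update 20 or later)' } else { 'not in affected range' }
    Write-Output "deploytk.dll: $dll version $ver -> $state"
} else {
    Write-Output "CLSID $Clsid is not registered on this host"
}

# 2. Check (and optionally set) the kill bit in both registry views.
foreach ($key in $CompatKeys) {
    if ($Apply -and -not (Test-KillBit $key)) { Set-KillBit $key }
    $status = if (Test-KillBit $key) { 'kill bit SET' } else { 'kill bit NOT set' }
    Write-Output "$key -> $status"
}
```

Setting the kill bit only stops Internet Explorer from instantiating the control; the DLL itself stays on disk, so the version check remains the signal that the upgrade is still outstanding.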