Multiple critical vulnerabilities were discovered in IBM Java 1.4.x and 1.6. The flaws allow session hijacking, information theft, DoS attacks, data manipulation and system access.
Flaws were found in the SSL 3.0 and TLS 1.0 protocols. Vulnerabilities were also found in the Deserialization, Scripting, AWT, Swing, 2D, RMI, HotSpot and Deployment components. A flaw in JAXWS allows an attacker to access data, and the vulnerabilities in the JRE let an attacker execute arbitrary code and manipulate data.
IBM Java users should upgrade their software to version 1.4.2 SR13-FP11 or 6.0.0 SR10.
Source: Secunia
10.01.2012