Windows, Linux, and Solaris operating system users are at risk from a range of critical vulnerabilities in Sun's widely-used Java Runtime Environment.
Java Runtime Environment (JRE) provides the minimum code needed to run Java applications or applets, which are deployed by websites and launched from within a browser.
Sun said the flaws are due to errors in "reflection" APIs (application programming interfaces), and can be used by attackers to take over systems using maliciously-crafted applets to read and write files on a compromised system's hard drive.
Several editions of JRE are threatened by the bugs. These include JRE 1.3.1_16 and earlier, JRE 1.4.2_09 and earlier, and JRE 5.0 Update 4 and earlier.
Sun recommends that users update to newer versions of JRE. Alternatively, users can now download JRE 5.0 Update 6 to get around the problem.
Internet security firm Secunia said the vulnerabilities were potentially critical.