FreeBSD Ports: icedtea-web

Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-July/019580.html
http://www.vuxml.org/freebsd/55b498e2-e56c-11e1-bbd5-001c25e46b1d.html
Insight
The following package is affected: icedtea-web

CVE-2012-3422
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read.

CVE-2012-3423
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.