Sun advisory number 102171 describes the vulnerabilities and is titled, "Security Vulnerabilities in the Java Runtime Environment may Allow an Untrusted Applet to Elevate its Privileges."
According to security firm Secunia, various unspecified errors in the "reflection" APIs cause the vulnerabilities, which could lead to a system compromise.
Sun's advisory does not specify what the actual errors are. A Sun spokesperson was not immediately available for comment.
The first advisories related to the vulnerabilities in the "reflection" APIs date back to at least November when the company issued Sun Alert ID: 102003, which identified three vulnerabilities.
IBM issued its own "technote faq" in December.