Sun Microsystem Inc. has released a patch to address this vulnerability. Additionally, it is possible to temporarily work around the flaw by implementing the following workaround: On Windows, it is possible to prevent automatic exploitation by double-clicking such a file, or opening it through the browser by removing the file associations for JNLP files. If a user specifically selects the Java Web Start application to open the JNLP file, however, exploitation is still possible. This can be done by removing the registry key for .jnlp in the 'HKEY_CLASSES_ROOT' registry hive.
An additional workaround which will prevent all exploitation attempts is to rename the splashscreen library so that Java Web Start will not be able to load it. This file is found in different locations depending on the platform and installation choices. One such location is:
Renaming this file to splashscreen.dll.bak will prevent it from being loaded.