This security advisory describes one critical risk vulnerability.
CWE-388 - Error Handling
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Update the latest version from vendor's website:
Java SE: 6 Update 10, 6 Update 11, 6 Update 12, 6 Update 13, 6 Update 14, 6 Update 15, 6 Update 16, 6 Update 17, 6 Update 18, 6 Update 19, 6 Update 20, 6 Update 27, 6 Update 30, 6 Update 32, 6 Update 34, 7, 7 Update 2, 7 Update 4, 7 Update 6CPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.