Oracle Java Reflection API Flaw Lets Remote Users Execute Arbitrary Code
Version(s): 7 Update 21 (1.7.0_21-b11); possibly other versions
Java Server JRE is also affected.
A vulnerability was reported in Oracle Java.
A remote user can create a specially crafted Java application that, when loaded and approved by the target user, will trigger a flaw in the Reflection API to bypass the security sandbox.
A remote user can create a Java file that, when loaded by the target user, will execute arbitrary code on the target user's system.
No solution was available at the time of this entry.