VUPEN Vulnerability Research Team discovered a critical vulnerability in Oracle Java. The vulnerability is caused by a design error in the Java click-2-play security warning when the preloader is used, which can be exploited by remote attackers to load a malicious applet (e.g. taking advantage of a Java memory corruption vulnerability) without any user interaction. Oracle Java versions 7u21 and below are affected.
10e02ec7b9426a95440e714eac97006eaeca4b625413293939ad86595f91ad55