This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or run a malicious file. The specific bypass of security permissions is possible via invocation of Proxy.newProxyInstance. It is possible to run user callbacks that don’t have higher privileges as privileged. This allows a malicious applet to execute attacker-supplied code resulting in remote code execution under the context of the current user.