The Java Runtime Environment (JRE) is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java Virtual Machine (JVM), core classes, and supporting files.
A memory overwrite vulnerability in the Color Management code in the JVM process allows command execution when a specially crafted JAR file is opened.
Upgrade to a version higher than JRE 7 Update 15, JRE 6 Update 41, or JRE 5.0 Update 40.
Exploit works on JRE 7 Update 15 and requires a user to open the exploit page in a browser.