This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fontmanager native component. There is a vulnerability when processing Ligature Substitution subtables embedded in a “mort” table, which can result in a memory corruption. This allows a malicious applet to execute attacker-supplied code resulting in remote code execution under the context of the current user.