TippingPoint's Zero Day Initiative (ZDI) has published an advisory for a stack-based buffer overflow vulnerability in Sun Microsystems (a subsidiary of Oracle) Java. The flaw is found within the readMabCurveData function in the CMM module. The vulnerability affects all versions of Java on Windows, Linux and Solaris over the last 5 years on both the x86 and x64 architectures. The Mac OS X Java build is also affected.
The vulnerability can be exploited by an attacker through a malicious Java applet embedded in a web page and leads to arbitrary code execution in the context of the user who visits the web page. Because this vulnerability is a stack buffer overflow, reliable exploitation is trivial, and mitigations such as DEP and ASLR can easily be bypassed because the Java Virtual Machine's heap is executable and maintains a predictable layout.
This vulnerability was discovered by Stephen Fewer of Harmony Security.
You can read the full ZDI advisory here:
You can read the full Oracle advisory here: