The host is installed with Oracle Java SE 7 Update 15 or earlier, 6 Update 41 or earlier or 5.0 Update 40 or earlier and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted applet or Web Start application. Successful exploitation allows attackers to cause arbitrary code to be executed on the target user's system.