The host is installed with Oracle Java SE 6 before update 17 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which does not properly use security model permissions when removing installer extensions. Successful exploitation allows remote attackers to execute arbitrary commands.