Credit: Frédéric Hoguin
This vulnerability is particularly interesting in that it only uses features of the Java to gain arbitrary code execution capability. It doesn’t use any common exploitation technique like buffer overflows, or memory corruption. As it only uses known features of the JRE, it is 100% reliable.