>> Packet Storm Exploit 2013-0819-1 – Oracle Java BytePackedRaster.verify() Signed Integer Overflow

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of “dataBitOffset” boundary checks. This exploit code demonstrates remote code execution by popping calc.exe

Continue reading here:
Packet Storm Exploit 2013-0819-1 – Oracle Java BytePackedRaster.verify() Signed Integer Overflow