Oracle issued a security alert and patches for CVE-2016-0603, which can affect Java SE 6, 7 or 8 running on Windows.
Bad guys looking to take advantage of the vulnerability have to force their victims into a somewhat convoluted process: the victim must be lured to a malicious website, where the malware is downloaded onto the victim’s computer prior to any of the Java versions being installed, according to the Oracle warning. The problem was rated 7.6 out of 10 on the Common Vulnerability Scoring System.
If not fixed, the problem could result in the complete compromise of the victim’s computer.
Oracle recommended that Java SE owners who have downloaded older versions of Java SE prior to 6u113, 7u97 or 8u73, but have not yet installed them, should discard these old downloads and replace them with versions 6u113, 7u97 or 8u73 or later.
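One way to find the old downloads Oracle says to discard, as an added example that is not from Oracle or the original article. The version thresholds come from the recommendation above; the installer file-name patterns (`jre-8u71-windows-x64.exe`, `JavaSetup8u71.exe`) and the function names are assumptions of this sketch.

```python
import re
import sys
from pathlib import Path

# First fixed update per Java SE family, as stated in the article.
FIXED_UPDATE = {6: 113, 7: 97, 8: 73}

# Assumed installer naming (not from the article), e.g.
# jre-8u71-windows-x64.exe, jdk-7u80-windows-i586.exe, JavaSetup8u71.exe
INSTALLER_RE = re.compile(
    r"^(?:(?:jre|jdk)-|javasetup)(\d+)(?:u(\d+))?(?:-windows-[\w-]+)?\.exe$",
    re.IGNORECASE,
)


def classify(filename):
    """Return 'stale', 'ok', or None when the name is not a
    recognised Java SE 6/7/8 Windows installer."""
    m = INSTALLER_RE.match(filename)
    if not m:
        return None
    family = int(m.group(1))
    update = int(m.group(2) or 0)  # no "uNN" suffix means the initial release
    if family not in FIXED_UPDATE:
        return None
    return "stale" if update < FIXED_UPDATE[family] else "ok"


def find_stale(directory):
    """Return installer files under `directory` that predate the fixed
    updates. Matching is by file name only, so renamed files are missed."""
    return sorted(
        p for p in Path(directory).rglob("*")
        if p.is_file() and classify(p.name) == "stale"
    )


if __name__ == "__main__":
    # Default to the current user's Downloads folder; pass a path to override.
    root = sys.argv[1] if len(sys.argv) > 1 else Path.home() / "Downloads"
    for path in find_stale(root):
        print(f"discard and re-download: {path}")
```

The script only reports candidates; deleting them and fetching a current installer is left to the operator.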