CVE-2017-10096: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that

CVE-2017-10096 is a critical vulnerability in Oracle Java SE's JAXP component (a toolkit for processing XML documents) that affects versions 6u151, 7u141, and 8u131. An attacker can exploit this flaw over the network to take complete control of Java systems, but only if a user runs untrusted code like Java applets or Web Start applications from the internet. The vulnerability has a severity score of 9.6 out of 10.