This module exploits a vulnerability in Oracle Java. Abusing the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments it is possible to execute arbitrary code.
CVE Link
Exploit Type
Product Name