In this vulnerability, untrusted code is able to obtain references to some restricted classes, which are then used for privilege escalation and for bypassing the JVM sandbox. The vulnerable “invoke” method of the “sun.tracing.ProviderSkeleton” class is used to issue calls to the Class.forName() method, which loads internal restricted classes and methods.
More here: http://research.zscaler.com/2014/07/dissecting-cve-2013-2460-java-exploit.html