RadUpload doesn't process the uploaded files in any way and can't detect malicious files by itself. You'll have to inspect the files manually to decide if they're a threat. Here is the information that I've managed to find on the subject:
Thankfully, the bug seems to be fixed as of versions JDK and JRE 6 Update 11, JDK and JRE 5.0 Update 17, and SDK and JRE 1.4.2_19. The best protection would probably be to advise your customers to upgrade to the latest version of Java.
All the best,
the Telerik team