

Active exploit of Java 7 allows arbitrary remote code execution - zaroth
http://www.kb.cert.org/vuls/id/625617

======
zaroth
A vulnerability in the Java Security Manager allows a Java applet to grant
itself permission to execute arbitrary code.

Any web browser using the Java 7 plug-in is affected. The Java Deployment
Toolkit plug-in and Java Web Start can also be used as attack vectors.

Reports indicate this vulnerability is being actively exploited, and exploit
code is publicly available.

Solution: Disable Java in web browsers

