When running a Java applet from a web page using a vulnerable version of Java Runtime, an applet exploiting the vulnerability may escape Java's sandbox. This means that the Java applet would have exactly the same access to the file system and process execution as any native application.
Java vulnerabilities have been actively used by malicious web pages in the past, so it is quite possible that this new vulnerability will also be used.
So do make sure that your Java runtime is up to date; instructions are available in Sun Advisory #102760.
Note: Sun provides links to J2SE 5.0 Update 10 in their advisory.
Version 6.0 is also available from: http://java.sun.com/javase/downloads/index.jsp
I got a tune in my head from the 'Supremes' today, so I said I'll just do a Google search and listen to something. You know how it is. Anyway, with McAfee as a guide, I clicked several pages looking for something I could actually hear. As soon as I got on one website, again McAfee saying it was safe, with its green arrow and green bar on the actual site, my AVG free antivirus program detected a Trojan. I told it to 'heal', which it said it did, and I closed the web page immediately. I "immediately" ran a scan with AVG and it found and deleted: Trojan Horse Downloader Small.57.V. Hmmmmm. I guess the good news is that my AVG worked. But I didn't actually get to a point where I even "played" anything. And "NO" I didn't download anything either. I haven't gotten a "virus/trojan" in maybe four or five years. By the way, I have AVG doing "daily" scans at noon, all clear, this occurred about 4:45 PM. Hmmmmmm. And of course I still have that 'tune' in my head. LOL.
Just an FYI,