On Friday, two advisories were released about a serious Java vulnerability that exposes current versions of Windows and Linux to web-based attacks.
Tavis Ormandy of Google and Ruben Santamarta discovered the flaw independently. Ormandy notified Sun of the flaw and, when Sun decided not to patch right away, published an advisory with a workaround for the issue.
According to ZDNET Zero Day, the flaw occurs:
“…because the Java-Plugin Browser is running “javaws.exe” without validating command-line parameters. These parameters can be controlled by attackers via specially crafted embed HTML tags within a Web page,” Santamarta warned.
For more information and a temporary solution, see the full ZDNET Zero Day article.