A security researcher is urging users to disable their Java plugin immediately due to a newly discovered vulnerability and exploit that was spotted in the wild.
@kafeine was first to report the exploit, which was then successfully reproduced by Jaime Blasco from security software company AlienVault. Blasco wrote that he was able to "trick" the malicious Java applet, which, according to @kafeine is distributed via a site with "hundreds of thousands of hits daily" to execute the calc.exe in their lab.
There is not much information about the vulnerability and exploit available at this time, but Blasco wrote that the exploit is probably bypassing certain security checks by tricking the permissions of certain Java classes as we saw in CVE-2012-4681. The only defense against the issue is to disable the Java browser plugin, Blasco said.