Oracle Java versions prior to 7u25 contain an invalid array indexing vulnerability in the native storeImageArray() function in jre/bin/awt.dll. This vulnerability allows for remote code execution.
See the rest here:
Packet Storm Advisory 0811-1 – Oracle Java storeImageArray()