A new sandbox-escape exploit targeting a vulnerability in the Java Runtime Environment has been integrated into both the Black Hole and Gong Da exploit kits. The exploit was initially discovered in the Cool Exploit Kit earlier this month. Microsoft says the malware abuses a package access problem in the JRE configuration. The malware does not exploit Java 6, regardless of patch status, and that could be a reason that malware samples exploiting this vulnerability are usually bundled with a series of other Java exploits. The new exploit targets Java SE 7 Update 7 and earlier.
Source: https://threatpost.com/gong-da-exploit-kit-bundling-numerous-java-attacks-112012/77232/