[PLUG-TALK] Question: How Can Java be Externally Exploited?

[Rich Shepard]

   Oracle has pushed out patches for 37 identified vulnerabilities with java
7. My understanding is that java is a programming language, but one whose
compiled applications need the JRE to be used.

   If this is correct, then it seems to me in my naievty that the only way to
exploit vulnerabilities in the JRE is by inducing someone to download and
run a .jar file that exploits those vulnerabilities and sends information
back to the malware's sender.

   What am I missing here?

Rich