Remote code execution possible. http://www.bit-tech.net/news/bits/2016/03/24/oracle-java-vulnerability/1
It's sort of funny to use the term 'remote code execution' since that is the idea with a lot of runtime code like Java. Perhaps 'malicious' or 'above security level' or some such should be in that term.
Java Update popped up yesterday, I imagine this was the bug fix. I do have one question though: can systems be infected using malicious code on webpage kind of attack when their browser Java plugin (for Firefox in my case; I've got two plugins here which appear to be related to Java, one is Java(TM) Platform SE 8 and the other is Java Deployment Toolkit) is set to either A - always ask before running the plugin (and the user selects 'no') or B - never execute plugin ?