This Metasploit module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.
84f8085a7aae3cc5d26830a695a8c574d4ef5c13dfc3a77061731b06b87041f1