TippingPoint's Zero Day Initiative (ZDI) have published an advisory for a stack based buffer overflow vulnerability (CVE-2010-3552) in Oracle's Java for Internet Explorer. The flaw is found within the JP2IEXP.dll module which is used by Internet Explorer for managing the Java plugin. This vulnerability was discovered by Stephen Fewer of Harmony Security.
You can read the full ZDI advisory here:
And the Oracle advisory here:
This vulnerability was also independently discovered by Berend-Jan Wever who has written a blog post detailing the vulnerability along with several interesting proof of concept exploit modules (specifically iExploit12-DEP.zip) which can be found here