A zero-day Java vulnerability that affects all versions of the browser plug-in has been incorporated in popular exploit kits used by cyber criminals, security experts say. The exploits for the vulnerability have been implemented within the Blackhole, Cool and Nuclear Pack kits. The flaw affects all versions of the Java plug-in, including the latest Java 7 Update 10.