The joy of out-of-date Java:
As predicted at the end of 2012 and proved by the ever expanding use of exploit kits, vulnerabilities in popular and widespread software such as Java and Adobe's Acrobat Reader and Flash top the list of the most exploited by cyber crooks.
Zero-day vulnerabilities are less of a problem than old ones - in fact, given that many people still use older, vulnerable software versions of the software, wielding exploits for zero-days is practically unnecessary for your average cyber crook that goes after money.
via Attacks targeting unsupported Java 6 are on the rise.
I ran into an instance of someone running Java 5, which is akin to your second cousin calling you about a problem he's having on Windows '98.