And yes, most are remotely exploitable
According to Oracle’s security announcement, the patch pack addresses 40 different vulnerabilities. All update levels of Java SE 5, 6, and 7 are affected by the flaws, as are all versions of JavaFX.
Of the 40 bugs, all but three are remotely exploitable over a network without the need for a username or password.
Oracle plans to release its latest Java SE Critical Patch Update on June 18, 2013.
Watch for it and install it if you have Java installed on your system. If you are sure you don’t need Java for anything, it would be best to uninstall it or disable it until the update, or at least disable Java in your browsers.