By reading on suns homepage, its may or may not be a bug in IE and its built in DEP.
They described it as a bug in ie and and the way it handle this update of java with a not the default setting of IE.
Maby it gets missed by CMF due to its not really a bufferowerflow attack preformed by the java uppdate but rather a bug in IE misstaking it to be a bufferoverflow while in fact its not.
But CMF only claims to protect against 90% and more of BO attacks, maby this is one that it misses.
Good that you got IEs built in memory protection too then!
Hope comodo fixes this if its in fact is a bug in the memoryfirewall.
But I know they will (V) comodo don't accept leaks in the firewall, and I dubt they will allow their memory firewall to leak/miss things like this either.