Oracle has released details of a 0-day vulnerability including exploit code on Metalink
There is a detailed discussion of the issue on Alex's site in a page titled "Read-only user can modify data via views". This page details the issue and also includes exploit code (the actual method of exploit is censored out).
Dr. Christian Kleinew�chter and Swen Th�mmler from infinity3 GmbH found the issue.