[From SecutityFocus]
Oracle database is prone to a privilege escalation vulnerability. A user with ‘create job’ privileges can switch the ‘session_user’ to ‘SYS’. This will facilitate privilege escalation.
The article continues at
http://www.securityfocus.com/bid/13509