Here is a quote from David Lichtfield on this new vulnerability:

Every supported version of Oracle, running on any operating system is vulnerable to this attack, which can be leveraged by even low-privileged users to gain complete control of the database.
That quote may be a tad alarmist though. The mitigating factors are that to perform the attack you must first be authenticated to the database which means having a valid username and password. If security best practices are followed in the first place the potential for exploitation of this attack should be minimized.

Here is the bulletin from Oracle: Security Alert