The message continued to say that two new vulnerabilities were discovered, they were reported to Oracle today, accompanied by a working Proof of Concept exploit code. As per Security Explorations' own disclosure policy, details about the vulnerability will not be publicly disclosed until Oracle releases a fix.
The Vendor Status page on the Security Explorations web site shows the following update dated January 18, 2013:
- Vulnerability Notice along with a Proof of Concept code are sent to Oracle corporation (Issues 51 and 52).
- Oracle confirms successful reception and decryption of the vulnerability report. The company informs that it will investigate based on the data provided and get back to us soon.
- Oracle provides tracking numbers for Issues 51 and 52.