Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to the Create User privilege.
http://www.us-cert.gov/cas/techalerts/TA10-103B.html
http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html