I can’t find anywhere that explains what the vulnerability is, or gives sample exploit code.
mmm...
Geeks who actually understand it tend to have their own sources, but there’s a fair amount of detail, like
http://blogs.cisco.com/security/new-java-vulnerability-being-exploited-in-the-wild/
...This Java vulnerability is due to improper security protections on built-in classes in the Java Runtime Environment.
An unsigned Java applet can use the setSecurityManager() function to bypass security checks and access an elevated security context.
There are a few allegations that the exploit for this new Java vulnerability (CVE-2013-0422) is very similar to the Java vulnerability reported late last year (CVE-2012-5088); however, it seems they are fairly different.
This article describes some of the technical details of the exploit...