According to the CVE entry, the flaw is in the Java 2D subcomponent and affects Java SE 7 Update 21 and earlier, Java 6 Update 45 and earlier and Java 5.0 Update 45 and earlier, as well as OpenJDK 7.
The vulnerability, CVE-2013-2463, was patched in June when Oracle released its most recent Critical Patch Update for Java 7 Update 25. Reportedly, exploit code for a previously patched vulnerability in Java 6 has been folded into the Neutrino exploit kit, another reminder for organizations reliant on the Java to stay tuned in and up to date on patches for the browser plug-in. That doesn’t mean attackers have pushed back from targeting Java 6, and that certainly doesn’t mean that organizations have upgraded to version 7. Unless you have an Oracle product that requires Java 6 or are paying for support for that version of the platform, you’d seen the last publicly available updates as of February.