Month Of Browser Bugs
In July, HD Moore ran his month of browser bugs, most of which were d0s and not code executers. It seems he's corrected one, and last night provided a working metasploit module that he says will allow remote code execution on fully patched systems running XP SP2. We have not yet been able to verify whether this actually works as advertised, but if it does, it will almost certainly find its way into the wild very quickly.
We added SocketShield sigs for all the Month Of Browser Bugs preemptively, so I expect that we'll find this one with little or no changes to the sigs.