Today someone sent me an exploit for the Windows version of XAMPP: Using our xampp/adodb.php and a buffer overflow vulnerability in mssql_connect() the exploit is able to call arbitrary(!) commands on the targeted system.
If you secured your system as described in our manual, you're a lucky guy and your system is not affected by this vulnerability.
If you haven't secured your system, please do it right now!!!