Well WP 2.8.5 is out and they have a few fixes. Acc to me its a must download as the exploit suggested by 'nux' is fixed/patched in this version.
The headline changes in this release are:
* A fix for the Trackback Denial-of-Service attack that is currently being seen.
* Removal of areas within the code where php code in variables was evaluated.
* Switched the file upload functionality to be whitelisted for all users including Admins.
* Retiring of the two importers of Tag data from old plugins.
We would recommend that all sites are upgraded to this new version of WordPress to ensure that you have the best available protection.