Intevydis published a flash video on Monday showing what appears to be a new 0day exploit against MySQL 5.x. The demo (http://intevydis.com/mysql_demo.html ) is for a recent exploit included in their VulnDisco exploit pack for CANVAS as of Aug 2009. The demo shows as running against 5.0.51a-24+lenny2 but the description appears to be "MySQL 5.x Exploit" which suggests it may work against other versions as well. Current versions for MySQL are 5.1 (recommended) with a 5.5 release available.

If anyone has any additional details on this vulnerability we'd love to hear about it.