Zope Security advisory 2008-08-12
PythonScripts in Zope 2 can be misused for shutting down a complete Zope 2 instance or misused for a local denial- of-service attack. This issue affects only those Zope 2 instances where users have unrestricted access to the ZMI and the ability to edit PythonScripts. This should usually not be the case for instances where the Manager access is granted only to trusted persons.
Anyway it is not too dangerous, because you usually do not give manager access to untrusted users. Luckily, install the patch that solves the problem is as easy as download it, put it inside your instance Products folder and restart your Zope instance.
(More information in the README file)
(Ah!, and exploiting the bug is pretty easy once you have manager access, I did some tests by myself some hours ago and all were successful)