PHP.net has discovered security flaw for their
WINDOWS release of 5.2.9. They have release another version of php 5.2.9-1 with a fix.
If you've already updated PHP to 5.2.9 I seriously suggest that you get to updating again. Especially if you are using cURL (enabled by extension) and have open_basedir or safe_mode enabled. If you don't have ether of those enabled and/or you don't use cURL then your in the clear.
For those of you who use an eCommerce package that requires cURL for credit card payments then I seriously suggest you do some research and/or upgrade your php installation.
http://www.php.net/archive/2009.php
http://curl.haxx.se/docs/adv_20090303.html
Enjoy