Remember the extremely critical Windows .wmf exploit from a few weeks ago? According to Kaspersky Labs, these exploits were offered for sale by two or maybe three competing Russian hacker groups for $4,000. But according to the reports, the hackers didn't really understand the nature of this exploit.
One of the purchasers of the code was a criminal ad-ware/spyware business, and it looks like this was how the exploit became public.
It claims that the flaw, which was only patched by Microsoft in early January, was probably first discovered at the start of December, and by a virus writer rather than a security researcher.
If true, this challenges the disclosure argument. Those who made the information on the flaw and exploit code public were slammed by Microsoft and the security community at the time. But if that information had been kept strictly within hacking circles, Microsoft might not even have heard of the problem while its customers were being infected with viruses.
More info at PC Pro. Microsoft patched this vulnerability on January 6th.