It appears that the bad guys who exploited Adobe in August, and stole ColdFusion and Adobe (maybe) source code, as well as millions of credit card numbers, used a well known ColdFusion vulnerability.