This latest Magento patch SUPEE-6788 includes a bundle of patches including a patch to a vulnerability in the Zend Framework.
Dawid Golunski notified Magento that this bug existed and provided proof of concept code through their Bug Bounty program under responsible disclosure guidelines. Magento have since fixed the issue, along with several other issues, with SUPEE-6788. – See more at: magento.com
Since the issue was made public by the researcher on October 30th, it is possible we will soon see automated attacks on Magento installations using this or similar code and it is critical that this patch is implemented as soon as possible. The patch is already included in Magento Enterprise Edition 220.127.116.11 and Community Edition 18.104.22.168, so, instead of patching, you can also upgrade. – See more at: magento.com