It was isc.sans.org that gave it away for me.
The ISC handlers' diary includes a screenshot of the exploit code:
http://handlers.sans.org/bzdrnja/xml.png
that, although mildly obfuscated, contains all the search terms anyone needs
http://www.google.co.uk/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=SPAN+DATASRC%3D%23I+DATAFLD%3DC+DATAFORMATAS%3DHTML&btnG=Search&meta=
to seek out a copy of the exploit itself:
http://www.fuckhacker.net/?action=show&id=313