Private exploit available for Symantec RAR vulnerability

Dave Aitel over at ImmunitySec has released exploit code for the Symantec RAR vulnerability which was announced in December. This code has been released only to customers of ImmunitySec only. This is a sign that it is possible to develop an exploit for this vulnerability. Not only that, if history is any indication, the super dupper bad guys probably already have it and have been using it in secret in targeted attacks.
[update] – I see this is old news, this actually occured on 2/6/2006, but Symantec Deepsight Alert Service only told me about it now.