Zend XMLRPC vulnerability allows an attacker to read any file on the web server where the Zend XMLRPC functionality is enabled. This might include password files, configuration files, and possibly even databases if they are stored on the same machine as the Magento web server.
The following bug was assigned to this vulnerability in Zend Framework:
ZF2012-01: Local file disclosure via XXE injection in Zend_XmlRpc
Patches for the vulnerability are described in this article: