Busy past few weeks … first the VML exploit (now patched by Microsoft), then the daxtcle.ocx exploit (not patched yet), and then last night, our friend Roger Thompson reported seeing another exploit, commonly referred to as “setslice” [since it uses the setslice() method to exploit] in the wild.
Mitigation methods are basically non-existent in Microsoft’s advisory, so the best source of information on mitigation is this SANS entry here. The SANS website links to a test page. Run the test page, see if your browser crashes. Then run the program they have made available to set the kill bits.
Also, both ZERT and Determina have relead temporary patches against this exploit, here.
Secunia advisory here.
Be safe.
Alex Eckelberry