This vul can be exploited, at http://www.xfocus.net/flashsky/icoExp/index.html ,i give a test exp(open 28876 port) for windows xp sp1, but it need html sctipt run and allocate memory.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html