Last night HD Moore released an exploit module for Metasploit Framework 3 that exploits a fully patched Windows XP SP2 system, which includes remote code execution. Previously this was announced on the Browser Fun blog as a DoS only exploit. More information at: http://riosec.com/msie-setslice-vuln