The Internet Storm Center has gone to yellow alert over the WebViewFolderIcon setSlice vulnerability being exploited in the wild. Here's a summary of some of the information available to date:

• Currently the best way to protect yourself is by setting a kill-bit on the vulnerable controls (there are two of them).
• Jesper's Blog has guidance on how to do this in a corporate environment.
• Exploited or malicious sites are now including the vulnerability, typically in an iframe.
• This may be just the tip of an iceberg. According to Alex Sotirov on full-disclosure:
  "We're also researching additional exploitation vectors. The underlying cause of the setSlice vulnerability is an integer overflow in COMCTL32.DLL, a core Windows component used by a large number of applications. The WebViewFolderIcon ActiveX control is most likely only one of the attack vectors for this vulnerability."
• The Microsoft advisory is 926043

As always, be careful out there!