I haven't tested the code myself, but no reason to think it doesn't work. Consider this your "exploits are in the wild" notice.
And here is the direct link for anyone who's interested: http://lists.grok.org.uk/pipermail/full-disclosure/2010-January/072340.html