We just released a new version of the Metasploit Framework exploit module
for the Escape/SetAbortFunc code execution flaw. This module now pads the
Escape() call with random WMF records. You may want to double check your
IDS signatures -- most of the ones I saw today could be easily bypassed
or will false positive on valid graphic files.
Available via msfupdate, the 2.5 snapshot, or straight from the web site: