Invision Board Vuln

While watching a little NASCAR this evening and IMing with friends, I decided to check out the Movable Type Support Forum. Movable Type is the blog software I use over at infosecblog.org.
The second I browse to http://www.sixapart.com/movabletype/forums/index.php I notice an odd script prompt:
Next I got virus alert popups from Symantec Antivirus telling me I had wmf exploits in my temp files!
It looks like Six Apart (the company that makes movable type) is using Invision Power Board version 2.0.4. A major vulnerability was announced on this version a few days ago.
Moral of the story, if you haven’t learned it already. 1) patch your system. 2) up to date antivirus 3) even when you aren’t surfing the seedy underbelly of the web, you can get exploits thrown at you.
I’ve sent an alert to the ISC as well as to the webmaster at six apart.