eEye claim that the vulnerability allows for remote code execution as SYSTEM, McAfee seem to be saying it only allows for placement of arbitrary files on the vulnerable host. McAfee is acknowledging the vulnerability in their EPO product, and have posted a fix. Details at the URL below:

http://knowledge.mcafee.com/article/640/9925498_f.SAL_Public.html

http://www.eeye.com/html/research/advisories/AD20060713.html

Cheers,
Adrien