This attack is only possible with Internet Explorer users as it exploits the old IE CSS comment hack; a very creative find indeed from the guys at ProCheckUp.
Proof of Concept:
Alert box injection - simply provided for testing purposes (may cause DoS issues on Internet Explorer):
http://target/vuln-search.aspx?term=</XSS/*-*/STYLE=xss:e/**/xpression (alert('XSS'))>
ASP.NET will also escape double quotes ("), so although a number of .NET servers are vulnerable to this, it is somewhat mitigated by this fact.
ASP Auditor (with a little mod) could be used to test if your web server(s) are vulnerable. Let me know if you're interested. I hope to add this check to the tool shortly.
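A defensive check for the request pattern described above, as an added example (not from the original post and not ASP Auditor's code): it decodes the query string, strips CSS comments inside any STYLE attribute value, and flags a reassembled expression( call. The function names and the sample request lines are constructed for illustration.

```python
import re
from urllib.parse import quote, unquote_plus, urlsplit

# CSS comments, which the payload uses to split the keyword.
CSS_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# A style attribute and its value up to the end of the tag.
STYLE_ATTR = re.compile(r"style\s*=\s*([^>]*)", re.I)
# The IE-only dynamic property call, visible once comments are removed.
EXPRESSION = re.compile(r"expression\s*\(", re.I)


def has_css_expression(query: str) -> bool:
    """True if a style value in the decoded query hides expression(...)."""
    decoded = unquote_plus(query)
    for match in STYLE_ATTR.finditer(decoded):
        value = CSS_COMMENT.sub("", match.group(1))
        if EXPRESSION.search(value):
            return True
    return False


def flag_requests(request_urls):
    """Return the request URLs whose query string matches the pattern."""
    return [u for u in request_urls if has_css_expression(urlsplit(u).query)]


# The payload from the proof of concept on this page.
POC = "</XSS/*-*/STYLE=xss:e/**/xpression (alert('XSS'))>"

# Constructed sample request lines (not real log data); the first is the
# payload percent-encoded the way it would appear in a request log.
SAMPLE_REQUESTS = [
    "/vuln-search.aspx?term=" + quote(POC),
    "/vuln-search.aspx?term=css+expression+tutorial",
    "/vuln-search.aspx?term=lifestyle%3Drelaxed",
    "/vuln-search.aspx?term=%2F%2A+c+comment+%2A%2F",
]

if __name__ == "__main__":
    for url in flag_requests(SAMPLE_REQUESTS):
        print("suspicious:", url)
```

A plain search for the word "expression" misses the request because the comment splits the keyword, which is why the comments are removed before matching.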