A tech named Dylan Reeve has a test site to determine your phone’s vulnerability:
If your phone is vulnerable to the recently disclosed tel: URL attack then this website will cause your phone to open the dialler and display the IMEI code. With other USSD codes it could do any number of other things, including wipe all phone data.
You can find some more information and a simple workaround here: http://dylanreeve.posterous.com/remote-ussd-attack
What does it all mean?!
If visiting this page automatically causes your phone’s dialler application to pop up with *#06# displayed then you are not vulnerable. If, however, the dialler pops up and then you immediately see your phone IMEI number (a 14- or 16-digit number) then you are potentially vulnerable to attack.
A poster on the site made an app to solve the problem without changing dialers: Download his free, open-source app that can intercept these malicious URLs: