A new security flaw has been exposed in Windows involving “Windows Metafiles” which typically have a .wmf filename extension. The flaw is rated as critical and no patch is yet available from Microsoft to fix the security hole. It is recommended that users not open or preview any files witha *.wmf extension and set Internet Explorer security settings to “High”.
The vulnerability has been confirmed on a fully patched system running Microsoft Windows XP SP2. Microsoft Windows XP SP1 and Microsoft Windows Server 2003/SP1 are reportedly also affected. Computers will be infected by programs from the Agent.acd family, if users visit unionseek.com or iframeurl.biz. The malicious programs are downloaded to the victim machine and launched via the WMF vulnerability. Agent.acd will then download other Trojan programs to the victim machine.
Source: Techtree.com India > News > Security > Windows Metafile Flaw Exploited