(Via Ed Bott) A flaw in the way WMF files (Windows Metafiles) are processed by Windows means that even fully patched versions of (at least) Windows XP and Windows Server 2003 are wide open to attack from exploits currently circulating on the Web that drop and run previously known Trojan Horse programs. Exploits using this flaw are “zero day” since there was no advance warning and “drive-by” in that merely browsing a website or opening email with a malicious WMF file will infect a system.
F-Secure has more and notes that paradoxically, the Firefox browser version 1.5 is safe because it has an apparent bug in how WMF files are handled. There’s more from F-Secure here and possible workarounds are discussed in Juan Carlos Perez’s article at InfoWorld which also contains this observation:
However, the number of attacks could increase dramatically if malicious hackers find more automated ways to target systems, such as using e-mail, instant messages or file sharing, according to Ken Dunham, director of the rapid response team at VeriSign Inc.’s iDefense.
Attacks so far have been limited to installation of adware and spyware on compromised machines, but “you’re probably going to see Trojans and more sinister code develop and emerge in the next few days,” Dunham said in an interview.
Microsoft is investigating.