REALLY BAD Windows Flaw!
This one is major nasty! It affects fully patched Windows XP systems running Service Pack 2, and is actually out in “the wild.”
“A new exploit has been discovered in the wild that affects fully patched Windows XP SP2 systems, according to reports by security firms F-Secure and Sunbelt. The malicious code takes advantage of a vulnerability in the WMF graphics rendering engine to automatically download and install malware. WMF, or Windows Metafile, is a vector based image format used by Microsoft’s operating systems. SHIMGVW.DLL is loaded to render the images and contains a flaw that opens the door for a malformed WMF image to cause remote code execution and potentially allow for a full system compromise.”
Microsoft has been notified of the issue, and they are expected to come out with a patch soon.