SecurityFocus just posted a bulletin on it.
Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability.
The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file.
The issue may be exploited remotely or by a local attacker. Any code execution that occurs will be with SYSTEM privileges due to the nature of the affected engine.
Microsoft Windows XP is considered to be vulnerable at the moment. It is likely that other Windows operating systems are affected as well.
Any application that automatically displays a WMF image will cause the users machines to get infected. This includes older versions of Firefox, current versions of Opera, Outlook and all current version of Internet Explorer on all versions of Windows.
This is a really bad exploit.