The Sunbelt Software Blog has details on a new security exploit that blows by fully patched Windows XP systems:
Any application that automatically displays a WMF image will cause the user’s machines to get infected. This includes older versions of Firefox, current versions of Opera, Outlook and all current versions of Internet Explorer on all versions of Windows.
This is a zero-day exploit, the kind that gives security researchers cold chills. It works by exploiting a weakness in the Windows engine that views graphics in the Windows Metafile (WMF) format. You can get infected by simply viewing an infected WMF image.
Another report from F-Secure says so far it’s being exploited by a handful of sites in Russia, but it will spread. You’re most likely to get directed to one of these sites via a spam message offering dirty pictures, free software, and other forms of bait.
I expect that all major antivirus companies will have detection and prevention for this by the end of the day. I don’t know of any workarounds, but will update this post if I hear any more. For now, use the most recent version of Firefox rather than any other browser and steer well clear of unknown/untrusted sites.

I copied this from click here dated 28/12/05. Thought it would be of some interest. J.B.
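Since viewing the image is enough, one stopgap is to keep WMF content from reaching the viewer at all. The sketch below is an added example, not part of the original post or the quoted blogs: a gateway-style check that recognises WMF data by its header instead of trusting the file name. The header layouts come from the published WMF format, and `screen`, `sniff_wmf` and the sample files are hypothetical names constructed for illustration.

```python
import struct

APM_KEY = 0x9AC6CDD7      # placeable-WMF magic; bytes D7 CD C6 9A on disk
# Type, HeaderSize, Version, Size, NumberOfObjects, MaxRecord, NumberOfMembers
META_HEADER = "<HHHIHIH"


def is_meta_header(buf: bytes, off: int = 0) -> bool:
    """True if an 18-byte standard WMF header starts at buf[off]."""
    if len(buf) < off + struct.calcsize(META_HEADER):
        return False                      # truncated input is not a header
    ftype, hwords, version, _size, _nobj, _maxrec, _members = struct.unpack_from(
        META_HEADER, buf, off)
    # Type 1 = memory, 2 = disk; header is 9 words; version 1.0 or 3.0.
    return ftype in (1, 2) and hwords == 9 and version in (0x0100, 0x0300)


def sniff_wmf(buf: bytes):
    """Classify content as 'placeable', 'standard' or None, ignoring the name."""
    if len(buf) >= 4 and struct.unpack_from("<I", buf)[0] == APM_KEY:
        return "placeable"                # fail closed on the magic alone
    return "standard" if is_meta_header(buf) else None


def screen(name: str, data: bytes) -> str:
    """Gateway decision for one attachment or download."""
    kind = sniff_wmf(data)
    if kind:
        return f"BLOCK {name} ({kind} WMF content)"
    if name.lower().endswith(".wmf"):
        return f"BLOCK {name} (.wmf extension)"
    return f"PASS {name}"


# Constructed samples: an empty metafile (header + 3-word EOF record), the same
# bytes behind a 22-byte placeable header (checksum 0x52B1 = XOR of the ten
# preceding words), and the first 20 bytes of a JPEG.
EMPTY_WMF = (struct.pack(META_HEADER, 1, 9, 0x0300, 12, 0, 3, 0)
             + struct.pack("<IH", 3, 0))
PLACEABLE = struct.pack("<IHhhhhHIH", APM_KEY, 0, 0, 0, 100, 100, 1440, 0,
                        0x52B1) + EMPTY_WMF
JPEG_HEAD = bytes.fromhex("ffd8ffe000104a46494600010101004800480000")

if __name__ == "__main__":
    for name, data in [("card.wmf", EMPTY_WMF), ("holiday.jpg", EMPTY_WMF),
                       ("logo.gif", PLACEABLE), ("photo.jpg", JPEG_HEAD)]:
        print(screen(name, data))
```

The `holiday.jpg` sample is the case a name-only filter misses: the extension says JPEG, the content is a metafile.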