[news=http://news.google.ca/news?imgefp=a7_0CJr5hTkJ&imgurl=www.gameshout.com/news/122005/images/122005_2167.jpg]Secunia, Kaspersky and others have alerts up today about a new vulnerability in the way Windows handles Metafile files (*.wmf). It's a bad one: it has the highest possible risk rating, there aren't patches yet, and there are known exploits in the wild that take advantage of the hole.
According to Kaspersky, it hits IE and "may function in Firefox if certain conditions are met." The AV company's post lists two Web sites that attempt to install a Trojan using the hole.
Both notices strongly caution against opening any untrusted *.wmf files and recommend setting your IE security setting to "High." And of course keep your AV programs updated.