Just when you stopped having nightmares about the Windows MetaFile (WMF) bug of '05: now there's a new WMF exploit in the wild.
A researcher with the pseudonym of cyanid-E yesterday published a new WMF vulnerability, which he says he reported to Microsoft in late June. The vulnerability exploits the same GDI Client DLL library (gdi32.dll) as did the previous zero day WMF flaw WMF flaw, which was a major security problem for enterprises.
This bug for the moment only crashes the browser, but it is well
possible that a malicious hacker can upgrade it for remote access.
polonus