The vulnerability is caused by an error in the handling of corrupted Windows Metafile (".wmf") files. This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in Explorer (i.e. selecting the file). This can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.

A fully patched Windows XP SP2 system is vulnerable, and Windows XP SP1 and Microsoft Windows Server 2003 SP0 / SP1 are also affected. Other platforms may also be affected.
It is advised not to open untrusted .wmf files and to set the security level to "High" in Microsoft Internet Explorer.