I'm a few days late on this, but we released Microsoft Security Advisory (912840) on the WMF vulnerability, having made three revisions since 12/28/05.
Until a fix is developed, we have released a workaround that involves unregistering the Windows Picture and Fax Viewer (Shimgvw.dll) from Windows XP SP1, SP2 and Windows Server 2003 systems as follows:
- Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.
- A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
This workaround prevents the Windows Picture and Fax Viewer from opening any image type associated with it, and should prevent infection until the fix is released.
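For administrators who need to apply the workaround across many machines rather than click through the dialog on each one, the following PowerShell script applies, verifies, or reverts the unregistration from an elevated prompt. It is an added example, not Microsoft's code and not part of the advisory; the registry scan in Test-ShimgvwRegistered is my own heuristic (it looks for any COM class whose InprocServer32 value points at shimgvw.dll), and the /s switch to regsvr32 simply suppresses the confirmation dialog so the step can run unattended.

```powershell
# Added example (not from the advisory): apply, verify, or revert the
# Shimgvw.dll unregistration workaround. Run from an elevated PowerShell prompt.
# Assumption: regsvr32.exe is present, and COM registration of the DLL shows up
# as an HKCR\CLSID\{...}\InprocServer32 default value naming shimgvw.dll.

[CmdletBinding()]
param(
    [ValidateSet('Apply', 'Verify', 'Revert')]
    [string]$Action = 'Verify'
)

# Same path the advisory uses: %windir%\system32\shimgvw.dll
$dll = Join-Path $env:windir 'system32\shimgvw.dll'

function Test-ShimgvwRegistered {
    # Returns $true if any CLSID under HKCR still maps to shimgvw.dll,
    # i.e. the Picture and Fax Viewer is still reachable as a COM server.
    $hits = Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $serverKey = Join-Path $_.PSPath 'InprocServer32'
            $server = Get-ItemProperty -Path $serverKey -Name '(default)' -ErrorAction SilentlyContinue
            if ($server -and $server.'(default)' -match 'shimgvw\.dll$') { $_.PSChildName }
        }
    return [bool]$hits
}

switch ($Action) {
    'Apply' {
        # /u unregisters (same as the advisory's -u); /s suppresses the dialog box.
        & regsvr32.exe /u /s $dll
        if (Test-ShimgvwRegistered) {
            Write-Warning "regsvr32 exit code $LASTEXITCODE; shimgvw.dll is still registered"
        } else {
            Write-Output 'shimgvw.dll unregistered; Windows Picture and Fax Viewer disabled'
        }
    }
    'Revert' {
        # Re-register once the fix is installed; the advisory covers this step as well.
        & regsvr32.exe /s $dll
        if (Test-ShimgvwRegistered) {
            Write-Output 'shimgvw.dll re-registered'
        } else {
            Write-Warning "regsvr32 exit code $LASTEXITCODE; re-registration failed"
        }
    }
    'Verify' {
        if (Test-ShimgvwRegistered) {
            Write-Output 'shimgvw.dll is registered (workaround NOT applied)'
        } else {
            Write-Output 'shimgvw.dll is not registered (workaround applied)'
        }
    }
}
```

Run it as `.\shimgvw-workaround.ps1 -Action Apply` to apply, and with `-Action Verify` from an inventory or login script to report which machines still have the viewer registered; the check reads only the registry, so it is safe to run repeatedly.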
For more detail (and how to re-register the DLL once the fix is available), please see Microsoft Security Advisory (912840).