Another gift from Microsoft to end the year! :)

Summary:
The exploit "is misusing a function in the WMF library in Windows," dropping onto the machine a downloader Trojan "that pulls down its big brother, a more sophisticated Trojan" from a server on the Internet.

"Then it might try to pull down adware, spyware or a bot program," that can turn the computer into a zombie to be used for attacking other machines or sending spam, or just leave a hole on the computer through which sensitive data could be stolen."

The WMF vulnerability affects computers running Windows XP with service pack 1 and service pack 2, as well as Windows Server 2003 with service pack 0 and service pack 1. It can be exploited when an Internet Explorer user, or Firefox user under certain circumstances, visits a Web site that has malicious code on it or when a user previews .wmf format files with Windows Explorer.

Read the full story at: Trojan delivers unwanted gift to Windows PCs | CNET News.com