Found this on slashdot.org. Looks like there’s another serious hole in the Windows API that can allow a hacker to embed code inside a Windows Metafile (WMF) picture, and run that code on your machine. Beware of email from everyone that contains pictures! Here’s a link to the slashdot article (with more links located there).