F Secure notes a new version of the email exploit was launched from South Korea. It's got a cryptic, cloak and dagger style of message, so less people are likely to be sucked into this one. The subject is marked "Confidential" and the attached file is "Map.wmf" along with the following lines in the body of the message:
Attached is the digital map for you. You should meet that man at those points seperately.
Delete the map thereafter. Good luck.
F Secure also points out that the WMF exploit appears to be a poor design from the 1980s(!) when Microsoft designed how this file would be handled. From the blog posting comes this ominous warning:
This really means two things:
1) There are probably other vulnerable functions in WMF files in addition to SetAbortProc
2) This bug seems to affect all versions of Windows, starting from Windows 3.0 - shipped in 1990!
"The WMF vulnerability" probably affects more computers than any other security vulnerability, ever.