http://www.f-secure.com/weblog/
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/29/AR2005122901456.html
... there's an unofficial hotfix (that patches at a very low level) recommended:
http://www.hexblog.com/2005/12/wmf_vuln.html
--
simon