It’s currently the hottest exploit on the internet. The latest windows exploit affects win XP sp2 and other version of MS Windows and still has no patch. It is exploitable via both Internet Explorer and Firefox (as well as email), this vulnerability is found in the Windows Graphics Rendering Engine and allows remote code to be executed on the affected system.
Users of Internet Explorer can be exploited in an automated fashion. Users of Mozilla Firefox, while still at risk, are less vulnerable, as they would need to download and execute a malicious WMF file.
for the unofficial patch: HexBlog
