There is a new exploit that will infect a fully patched Windows XP system. Security Focus posted this bulletin:

Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability. The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file. The issue may be exploited remotely or by a local attacker. Any code execution that occurs will be with SYSTEM privileges due to the nature of the affected engine. Microsoft Windows XP is considered to be vulnerable at the moment. It is likely that other Windows operating systems are affected as well.

Basically any application that displays a WMF image will cause your machine to get infected (i.e. older versions of Firefox, current versions of Opera, Outlook and all versions of Internet Explorer). This one is BAD!

[via]