Originally Posted by KVS
Actually, no. If you carefully [re-]read the Microsoft's bulletin for this issue (using the link above), you will see that you don't actually have to open the WMF file -- all you have to do is use MSIE to visit a web page (HTML) that contains an embedded WMF image. If you use any other browser to visit the same page, nothing is gonna happen, because those browsers do not support WMF images.
Actually, Yes. In Firefox, you get a broken-image display when a WMF file is used in an IMG tag; if you right-click on the broken-image icon and select "view image", Firefox will attempt to open it using whatever application is associated with WMF files.
And if you receive an infected WMF file as an attachment to an email and elect to open it, regardless of email client, you may also become infected.
The issue is with a DLL that is used by multiple applications. MSIE uses it to render WMF files used in IMG links transparently to the end-user. However, it's very easy to open these files regardless; until this security bulletin was created, most people assumed that WMF files were probably benign.
The use of alternative browsers and email clients often lures the end-user into a false sense of security. I'm simply pointing out that they're not cure-alls . . . you can still
easily get into trouble.