Update: Microsoft has now issued a security advisory on the WMF vulnerability.

There's a new zero-day vulnerability related to Windows' image rendering - namely WMF files (Windows Metafiles). Trojan downloaders, available from unionseek[DOT]com, have been actively exploiting this vulnerability. Right now, fully patched Windows XP SP2 machines machines are vulnerable, with no known patch.

F-Secure has some information on this as does The Internet Storm Center Note that if you have the Google toolbar installed it is enough to download the file with an "inactive" client (i.e. one that by default does not execute what you download) like wget or similar because the Google toolbar will index the infected file anyway!

It is not mentioned if other operating systems like Windows 2000 or 98 are also vulnerable.