"An attacker may leverage these issues to carry out a denial-of-service attack or execute arbitrary code on an affected computer with the privileges of the user viewing a malicious image," Symantec said. "An attacker may gain system privileges if an administrator views the malicious file. Local code execution may also facilitate a complete compromise."
This could end up being a much worse case than the WMF flaw, which resulted in a lot of headaches and many infected machines. Apparently, this has been known about for close to 3 months. Hopefully, Microsoft will wise up in the future and not wait extreme long amounts of time before fixing things like this, as Outlook and Exchange make up a huge amount of clients in the office environment.