Users with vulnerable and unpatched systems can fall prey to an attack if they navigate to a web page containing a malicious WMF file, if they open a malicious WMF file in an email attachment or if they open a document, such as a Word document, that contains such a file.