This is a zero-day exploit, the kind that give security researchers cold chills. It works by exploiting a weakness in the Windows engine that views graphics in the Windows Metafile (WMF) format. You can get infected by simply viewing an infected WMF image.
Ed also has details on a workaround fix that I’d advise everyone to use. Ironically, it appears that Firefox is safe – not because it’s better, but because there’s a bug in the way it handles Windows Metafiles!