.wmf files are actually a sequence of graphic commands. This particular bug will execute arbitrary commands on your machine when a malicious file is viewed at all, so just viewing a web page containing this type of image will allow your computer to be infected.
As of now there is no patch for this bug. A workaround to protect your computer that will remove support for .wmf files completely. This will stop some services. Details on how to apply this and more information about this bug can be found from the CERT bulletin on this exploit.
The link above also contains instructions for turning .wmf support back on, which would be done once Microsoft releases a patch.