WMF infection served to, umm, about a million people?

WMF exploit hits unpatched machines through a banner ad.

An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows, according to data collected by iDefense, a Verisign company.

Link here.