The hole means that an attacker can hide malicious code on a webpage or an e-mail containing files with the wmf extension.

BBC: Hand on computer mouse

In its security advisory, Microsoft labeled three of the bulletins "critical, " meaning an attacker could remotely execute malicious code on unpatched systems.

MSN: Microsoft to Fix 28 Security Bugs in Monthly Patch

"An attacker can craft a malicious internet link to execute malicious code remotely on victim's system, which has Origin installed, " wrote the researchers in a paper detailing their work.

BBC: Players at risk from game store hack attack