MSIE users may be infected automatically. Firefox, Mozilla and Opera users will be prompted for action (open with application, save to hard drive).
F-Secure:
"In our tests (under XP SP2) older versions of Firefox (1.0.4) defaulted to open WMF files with "Windows Picture and Fax Viewer", which is vulnerable. Newer versions (1.5) defaulted to open them with Windows Media Player, which is not vulnerable...but then again, Windows Media Player is not able to show WMF files at all so this might be a bug in Firefox. Opera 8.51 defaults to open WMF files with "Windows Picture and Fax Viewer" too. However, all versions of Firefox and Opera prompt the user first."
I've tested Firefox 1.5 and Mozilla 1.7.12. With both browsers, the above is the case. In my case, Paint Shop Pro is resgistered to handle WMF files. When encountering a WMF file (which I created myself) embeded in a HTML file (I tried both the IMG and EMBED tags), these browsers prompted for action.
Opera 8.5 displayed the IMG tagWMF file as an empty box with the word "Image" inside. The EMBEDED tag WMF file was displayed as an empty box with the words "Plug-in content" inside.
I've had the same experience with Mosilla and WMF files. It doesn't open them but prompts for a program to open them with.