The 2007 Pwnie Winner For Mass 0wnage

WMF SetAbortProc remote code execution (CVE-2005-4560)

Discovered by: anonymous

The remote code execution vulnerability in the WMF file format was a feature, not a bug. The exploit was discovered in the wild in December of 2005 and led to massive exploitation on the Interweb. This vulnerability deserves an award for its obviousness, ease of exploitation and high impact.

 (CVE-2005-4560)