This function was designed to be called by Windows if a print job needed to be canceled during spooling.
This really means two things:
1) There are probably other vulnerable functions in WMF files in addition to SetAbortProc
2) This bug seems to affect all versions of Windows, starting from Windows 3.0 – shipped in 1990!
“The WMF vulnerability” probably affects more computers than any other security vulnerability, ever.
Impressive, and scary. Update those virus signatures, kids.