When Windows .ani Files Attack

Via insufficient format validation, prior to rendering cursors, animated cursors, and icons

By Marius Oiaga, Technology News Editor

30th of March 2007, 06:44 GMT

Microsoft has issued a public warning related to a new zero-day vulnerability targeting Windows .ani files that impacts all versions of the Windows platform, including Vista. The zero-day vulnerability in Microsoft Windows animated cursor handling is currently being actively exploited, but the Microsoft Security Response Center claims that the attacks are of a limited and targeted nature only.

"The vulnerability is caused by insufficient format validation, prior to rendering cursors, animated cursors, and icons. If successfully exploited, it will allow an attacker to perform remote code execution on the victim machine. In order to carry out an attack, the attacker would need to convince potential victims to either visit a Web site that contains a Web page that is used to exploit the vulnerability, or view a specially crafted email message or email attachment," revealed Andy Cianciotto, Symantec Security Response Engineer.

Following a successful exploit of the vulnerability affecting Windows management of animated cursor (.ani) files, an attacker could remotely execute arbitrary code on the compromised system. All the user has to do in order to get infected is to view a malformed Web page, preview or read a malicious message, or open a specially crafted email attachment.

Although the range of affected Microsoft software is impressive, the mitigating technologies added in Windows Vista do offer additional protection. This does not mean, however, that Windows Vista is not impacted by the Windows Animated Cursor Handling vulnerability.

Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Windows Storage Server 2003, Windows Vista, Windows XP Home Edition and Windows XP Professional are all impacted by the critical zero-day .ani vulnerability.
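
The Symantec quote above attributes the flaw to insufficient format validation before rendering. As an added example (not code from the article, Microsoft or Symantec), the sketch below shows what a strict structural check of an .ani file can look like before it reaches a renderer. It assumes the standard RIFF/ACON container layout with a fixed 36-byte `anih` header; the function names and sample byte strings are constructed for illustration.

```python
import struct

ANIH_SIZE = 36  # the ANI header is nine little-endian 32-bit fields

def _walk(data, pos, end, problems, seen):
    """Walk RIFF chunks in data[pos:end], recursing into LIST chunks."""
    while pos + 8 <= end:
        tag, size = data[pos:pos + 4], struct.unpack_from("<I", data, pos + 4)[0]
        body = pos + 8
        if size > end - body:  # declared length runs past its container
            problems.append(f"{tag!r} at offset {pos}: declares {size} bytes, {end - body} remain")
            return
        if tag == b"anih":
            seen.append(pos)
            if size != ANIH_SIZE:  # never trust a header length other than the fixed one
                problems.append(f"anih at offset {pos}: {size} bytes, expected {ANIH_SIZE}")
        elif tag == b"LIST":
            if size < 4:
                problems.append(f"LIST at offset {pos}: too short for a list type")
            else:
                _walk(data, body + 4, body + size, problems, seen)
        pos = body + size + (size & 1)  # chunks are padded to an even length
    if pos < end:
        problems.append(f"{end - pos} stray bytes at offset {pos}")

def validate_ani(data: bytes) -> list:
    """Return structural problems found; an empty list means the file passed."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return ["not a RIFF/ACON container"]
    problems, seen = [], []
    riff_end = struct.unpack_from("<I", data, 4)[0] + 8
    if riff_end > len(data):
        problems.append("RIFF size exceeds file length")
    _walk(data, 12, min(riff_end, len(data)), problems, seen)
    if len(seen) != 1:  # every header chunk is checked, not just the first
        problems.append(f"expected exactly one anih chunk, found {len(seen)}")
    return problems

# Constructed sample inputs (not taken from any real file).
def _chunk(tag, body):
    return tag + struct.pack("<I", len(body)) + body + b"\x00" * (len(body) & 1)
def _riff(*chunks):
    payload = b"ACON" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(payload)) + payload

HEADER = struct.pack("<9I", 36, 1, 1, 0, 0, 0, 0, 10, 1)
GOOD = _riff(_chunk(b"anih", HEADER))                      # well-formed header only
OVERSIZED = _riff(_chunk(b"anih", HEADER + b"\x00" * 28))  # header chunk claims 64 bytes
TRUNCATED = GOOD[:-10]                                     # sizes point past end of file
```

A file that returns any problem should be rejected before it is handed to code that renders it.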

© Copyright 2001-2009 Softpedia