Submission + - MS Confirms Zeroday Flaw, Drive-by Exploits
Automatic Pow writes: Microsoft has issued a security advisory with confirmation of a zero-day Windows vulnerability in the way animated cursor (.ani) files are handled. The threat is caused by insufficient format validation prior to rendering cursors, animated cursors, and icons. Drive-by exploits against Internet Explorer users have already been picked up in the wild. Windows Vista is confirmed vulnerable.