Microsoft has confirmed it is investigating attacks exploiting a vulnerability in the way Windows, including Vista, handles animated cursor (.ani) files.

In a security advisory, the software giant says that in order for this attack to be carried out, a user must either visit a website that contains a Web page that is used to exploit the vulnerability, or view a specially crafted E-mail message or attachment sent to them by an attacker.
Animated cursor is a component that lets developers show a short animation at the mouse pointer's location.
These files typically use the .ani extension, but Microsoft has warned that hackers might disguise malicious animated cursors with other extensions, pointing to a report from the SANS Institute stating it had received reports of in-the-wild exploits using files renamed to .jpg.