Windows Animated Cursor 0-day
Microsoft has issued a security advisory about a new 0-day exploit that abuses how Windows handles animated cursors. The exploit requires no interaction beyond visiting a malicious site or opening a malicious email. Although animated cursor files normally use the ".ani" extension, the exploits seen in the wild simply rename the files to ".jpg" and still appear to work. It is also important to note that this affects not just Internet Explorer 6 but also 7. However, Microsoft stated in its advisory that IE7 under Vista is not affected (it did not make this claim for Outlook). A post on the McAfee Avert Labs blog has a video of a malicious .ani file triggering a crash-loop DoS in Windows Explorer on Vista, though this is not exactly what would happen in web-based attacks.
At this time WebSense says it is tracking 9 different sites hosting the exploit, one of which was implicated in the Dolphin Stadium hack from last month.
ISC also has a running post with a list of sites and a collection of other relevant information.
And for those with Snort installations, Bleeding Edge Snort has rules for the current exploits.
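Because the in-the-wild files are renamed to ".jpg", filtering on the extension alone misses them; the check has to look at the content. The sketch below is an added example, not code from Microsoft, ISC or Bleeding Edge Snort: it recognises an animated cursor by its RIFF/ACON container header whatever the file is called, and lists any `anih` header chunk whose declared length is not the 36 bytes of a standard ANIHEADER. That length check is a structural sanity test assumed for this example (the post does not describe the file-level flaw), and the function names and sample buffers are constructed for illustration.

```python
import struct

ANIH_SIZE = 36  # bytes in a standard ANIHEADER (format fact, not taken from the post)


def riff_chunks(data):
    """Yield (fourcc, declared_size) for each chunk in a RIFF/ACON buffer."""
    pos = 12  # skip 'RIFF', the 4-byte container length and the 'ACON' form type
    while pos + 8 <= len(data):
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        yield fourcc, size
        if fourcc == b"LIST":
            pos += 12  # step into the list: chunk header plus 4-byte list type
        else:
            pos += 8 + size + (size & 1)  # chunk data is padded to an even length


def inspect(filename, data):
    """Classify a file by content and report ANI-specific anomalies."""
    is_ani = len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"ACON"
    report = {"is_ani": is_ani, "ext_mismatch": False, "odd_anih": []}
    if not is_ani:
        return report
    # An animated cursor served under any other extension is worth flagging.
    report["ext_mismatch"] = not filename.lower().endswith(".ani")
    report["odd_anih"] = [size for fourcc, size in riff_chunks(data)
                          if fourcc == b"anih" and size != ANIH_SIZE]
    return report


def make_sample(anih_sizes):
    """Build a constructed RIFF/ACON buffer with zero-filled anih chunks."""
    body = b"ACON"
    for n in anih_sizes:
        body += b"anih" + struct.pack("<I", n) + bytes(n)
    return b"RIFF" + struct.pack("<I", len(body)) + body


# Constructed sample inputs (no real exploit content).
WELL_FORMED = make_sample([36])
ODD_HEADER = make_sample([36, 80])
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(16)

if __name__ == "__main__":
    for name, blob in [("cursor.ani", WELL_FORMED), ("photo.jpg", ODD_HEADER),
                       ("holiday.jpg", REAL_JPEG)]:
        print(name, inspect(name, blob))
```

The same content test can be applied at a mail gateway or web proxy, where the file name and declared content type are under the sender's control.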
Update:
This issue is being tracked as both CVE-2007-0038 and CVE-2007-1765 (deprecated in favor of the former).
Additional ISC stories include one with a vulnerability table and one on ways to filter the exploits (with a newer list of sites that are hosting the exploits).
