Security firms warn of zero-day Vista and IE7 exploit
floating around that could allow attackers to take complete control of a users PC. Microsoft has acknowledged the flaw in Windows animated cursor which allows developers to display small animations around the mouse pointer.
It is stated in the advisory that the attackers might hide other types of file extensions within the animation allowing the attacker to execute code on the affected system. The attacker could create a specific type of web page for his purposes, send an email with a link in it and when a user clicks on the link, the vulnerability is exploited.
Full article here: Source