Windows cursor flaw poses ‘drive by’ risk

A zero-day exploit that takes advantage of a vulnerability in the Windows cursor could be spreading rapidly, CNET reports.

Microsoft is investigating reports of attacks exploiting a flaw in the way Windows handles animated cursor (.ani) files.

The hole in Windows’ animated cursor handling has moved from a targeted attack to one that is widespread, said Johannes Ullrich, chief research officer for the Sans Institute.

“You don’t have to click on a link to get it to launch,” Ullrich said. “You just have to open a malicious e-mail or go to a malicious Web site.”

Several dozen Web sites have become infected with the exploit, and Microsoft has yet to issue a patch.

The vulnerability affects all recent Windows versions, including Vista.