Security vendor eEye has issued a temporary workaround for a zero-day exploit which takes advantage of a vulnerability in the Windows cursor.
The hole in animated cursor (.ani) files for Windows, was flagged by Microsoft in an advisory last week, but there are fears it is spreading rapidly. An attacker could exploit the vulnerability through a Web page or e-mail message with rigged computer code, Microsoft said at the time. All versions of Microsoft Windows are vulnerable, including Vista, which the software giant promotes as the most secure yet.
eEye's fix stops Web sites from loading potentially malicious animated icons, according to the company's advisory. It goes on to warn that its fix is only temporary, and that users should uninstall it once Microsoft has released an official patch.
Microsoft has not said when a patch is forthcoming, however, it is unlikely to be until Patch Tuesday, its monthly cycle of fixes for flaws in its products, which is still a week away.
