Hi avatar2005 and DavidR,
Good that avast protects us from the first worm that uses the animated cursor leak in Windows. This worm spreads through e-mails and infected websites. So using Firefox browser until the hole is patched is recommended. Whenever you view the HTML the worm can be spread further, not only via the ANI-exploit, also through USB sticks and other media. The worm changes the settings of the Host file, and downloads a variant of the Trojan-PWS.Win32OnLineGames malware.
Microsoft was aware of this hole since December last. In severity the ANI-leak equals the WMF bug, so Internet Storm Center has yellow now.
ANI files date from the days of Windows 3.1. It is a bug in user32.dll, present in all 32bit Windows versions.
Actually it is a ridiculously simple bug, a stack-overflow in the second non-checked part of the ANI-header, more so while a similar stack overflow had been found in the first part of the ANI-header in 2005.
I think we are unaware of what holes lay dormant waiting for us to be discovered in the near future.
polonus