Animated cursor handling vulnerability has the potential to be exploited by attackers.
Bloodhound.Exploit.131 is a heuristic detection for a zero-day vulnerability affecting Microsoft Animated Cursor (ANI) file parsers.
Cursors and Icons and Exploits—Oh My!
In order to help users better understand the recently reported vulnerability in Microsoft Windows animated cursor handling, Symantec Security Response is providing a summary of the issue as well as additional information that may be useful in helping users mitigate the risk of exploitation of this vulnerability.
Microsoft Security Advisory 935423 describes the situation wherein an attacker could embed malicious code within an animated cursor file. This code, if properly crafted, could give an attacker the same user access privileges as the current user on the system. In order to carry out an attack, the attacker would need to convince potential victims either to visit a Web site containing a Web page that is used to exploit the vulnerability, or to view a specially crafted e-mail message or e-mail attachment. When the victim views the Web page, previews or reads the specially crafted message, or opens the specially crafted e-mail attachment, the attacker could cause the affected system to execute the intended malicious code.
Users of Outlook 2002 (or later) or Outlook Express 6 Service Pack 1 (or later) can mitigate the risk of being compromised via an e-mail with a malicious animated cursor by reading e-mail messages in plain text format.
Symantec Security Response has released virus definition signatures that will detect threats that attempt to exploit this vulnerability. These threats will be detected as Bloodhound.Exploit.131. Certified virus definitions dated March 30, 2007 or later contain this detection.
To reduce the possibility of being affected by threats exploiting this vulnerability, Symantec Security Response advises users to do the following:
If you own Norton 360, Norton AntiVirus, Norton Internet Security, Symantec Client Security or Symantec AntiVirus, LiveUpdate will automatically install the latest virus definitions and intrusion prevention security updates.
Update Virus Definitions
Symantec Security Response will closely monitor further information related to this vulnerability and will provide updates and security content as necessary.