There is a new exploit on an old vector involving Microsoft's ANI files. ANI is used for animated cursors. Blocking the download of ANI files is not enough - they can be renamed to JPEG to bypass the block and still successfully run arbitrary code on your computer.
This vulnerability affects versions of Windows 2000 and up, including Vista, with Internet Explorer 6 or 7. Those using other browsers will not be affected.