There is a new exploit on an old vector involving Microsoft's ANI files. ANI is used for animated cursors. Blocking the download of ANI files is not enough - they can be renamed to JPEG to bypass the block and still successfully run arbitrary code on your computer.
This vulnerability affects versions of Windows 2000 and up, including Vista, with Internet Explorer 6 or 7. Those using other browsers will not be affected.
More information can be found at:
http://isc.sans.org/diary.html?storyid=2534
http://www.symantec.com/security_response/vulnerability.jsp?bid=23194
update:
Microsoft is now planning to release a patch for the ANI vulnerability ahead of schedule:
http://www.dshield.org/diary.html?storyid=2555
The Zeroday Emergency Response Team (ZERT) has released an unofficial patch, noted here:
http://www.dshield.org/diary.html?storyid=2551