Zero-day for Microsoft – Three Months Warning Not Enough?

Today, SANS went to InfoCon YELLOW due to an exploit involving how Microsoft Windows operating systems handle malformed ANI files. It seems to affect nearly any OS Microsoft makes, including systems at the latest patch levels. This includes Vista and IE7. IE7 on Vista in Protected Mode seems to offer protection. The exploit is silent and allows arbitrary code execution.

According to the article on SANS, Microsoft was warned about this back in December by Determina. Yup, three months ago (this is being generous, since it is now April).

Way to go, Microsoft.


