0 Day vulnerability in .ani files

Apparently there is a new zero day flaw in Windows (Vista, XP, 2000 Sp4, 2003 server).

It involves .ani files (usually associated with animated cursors) A malicious website could exploit this, and install all sorts of "delightful things" onto your system?

More details are here:

http://www.lasvegassun.com/sunbin/st...033005198.html

I guess that I am surprised that it has taken so long? after all, an animated cursor or icon is a form of executable? The idea of using screensavers (.scr) as an attack vector is relatively old, and I would have expected the .ani to follow on much more rapidly?

Perhaps it is a reflection of the recent major shift in direction towards revenue producing criminality, in the malware world?