In a column for ZDnet, George Ou reveals that security firm Determina plans to release a proof of concept animated cursor exploit that will allow attackers to hijack Mozilla 2 and IE7 running on Vista. An attack could allegedly be stopped by Microsoft’s DEP (Data Execution Prevention) in Windows XP SP2 and Vista but is confoundingly turned off by default in most Windows programs. Interestingly enough, IE7 has the advantage here, as Ou writes, “What’s interesting about this is the fact that Firefox doesn’t have the benefit of Protected Mode under Vista, which can somewhat mitigate the damage that can be done if Internet Explorer 7 is exploited by this vulnerability.” Determina is waiting for Mozilla to issue a patch before releasing the exploit code. As you will recall, Microsoft will be releasing a patch for the vulnerability today.

For more on the attack:
– see this ZDnet column