M$ *knew* about it and *ignored* it since December 2006 [!].
But only on April 3 2007 M$ issued patches for Windows XP, 2003 + Vista, 32 + 64 bit [if any1 interested]:
Guess what... Windows 98 (FE), 98 SP1, 98 SE + ME are already protected [sic! ] if you install unofficial U891711 fix:
U891711: Unofficial Windows 98/98 SP1/98 SE/ME Q891711.DLL 4.10.2223 + KB891711.EXE 4.10.2227 Fix [119 KB]:
Read U891711.TXT FIRST:
U891711 MSFN forum:
the newly discovered animated cursor vulnerability (Win2k, WinXP, Vista).
I hope this helps.