This is extremely serious.
Other points to note:
The file does not have to have a .ANI extension. If the file has a .JPEG extension, the exploit still works. Several exploit implementations already are using this technique to bypass filters.
All versions of Windows from 95 through Vista and all versions of Internet Explorer and Outlook and Outlook Express are vulnerable.
Windows Explorer, when not in "classic" mode, will cause the code embedded in the ANI file to be run when you browse to the containing directory.
Putting a malicious ANI file on the desktop in Windows Vista reportedly causes the machine to enter into an infinite crash and reboot cycle.
Note from the sponsor: Customers of eSoft's Gateway Antivirus are protected from this exploit.