This complex vulnerability is a rare, “unicorn-like” bug found in code that IE relies on but that does not necessarily belong to IE. The buggy code is at least 19 years old and has been remotely exploitable for the past 18 years. This vulnerability has therefore been sitting in plain sight for a long time, despite many other bugs being discovered and patched in the same Windows library (OleAut32).
Read more here – http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows