How Google was Cracked by the Chinese
Affected are IE 6, 7, and 8, most revisions, according to their security advisory. Apparently a dangling pointer is to blame - these are hard to find unless they cause stability issues.
Food for thought: anyone with the resources to rip apart binary code to craft one of these exploits has significant funding, and significant backing. The only other option is a source code leak at Microsoft.
Everyone else who "trusted their vendor" really needs to rethink it. And anyone who still thinks closed source is more secure, well, there is some cheap swampland someone will sell you...