Microsoft security advisory: http://www.microsoft.com/technet/security/advisory/979352.mspx
"The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution."
Does anyone know infected sites ?