Visual Basic Script (VBScript) was introduced to IE as of version 3.0 and since then this breach has existed and it exploits the Windows OleAut32 library.
And make no mistake; this is a serious one since IE3.0 and all versions of Windows, including Windows 8.1 are affected.
On the "Common Vulnerability Scoring System" scale from 1-10 Microsofts rates this as a 9,3!
Naturally this is not good for persistent Windows XP users, who do not get these patches anymore (even if there are ways around that).
Basically your Windows box can be fed with dangerous code by tricking you to enter an address in the browser.
An attacker who successfully exploited this vulnerability could gain the same user rights as the current user, so you better not do all your work as admin
There is no evidence that this has ever been exploited by hackers.
How to avoid it?
Just don't use Internet Explorer - that should be enough.
More here
