skape & skywing
This vulnerability allows the exploitation of any unhandled exception in Internet Explorer, including NULL-pointer dereferences. It was described in Exploiting the Otherwise Non-exploitable on Windows, published in Uninformed Vol. 4. Bugs like this happen once in a decade.