and the poc http://www.computerterrorism.com/research/ie/poc.htm
and you will find some other proof of concepts here
The mistake was found as a functional bug in may and due to the problems with patching it for an universal tool als internet explorer wasn't patched. Nobody thought you could execute code remotely this way. We know better know.