After 180 days windows when vulnerability in IE8 wasn't patched a Zero-Day Iniciative published details on it. To exploit it the user interaction is needed. After convincing the user to click on a link to a malicious or compromised website the attacker can infect the user's machine and gain the same rights as the user.