The vulnerability in IE 8 is a use-after-free bug in the way that the browser handles CMarkup objects. Researcher Peter Van Eeckhoutte of Corelan discovered the vulnerability last year and, through the ZDI, disclosed it to Microsoft in October. The vendor acknowledged the report, but more than six months later, a patch was not forthcoming. Microsoft officials said they re in the process of building and testing a fix for the vulnerability. However, there s no stated timeline for releasing that patch.
Source: https://threatpost.com/microsoft-working-on-patch-for-ie-8-zero-day/106247/