Last month, Fireeye catch a 0day attack which the MS assigned CVE-2013-3918 to. Basically, this 0day may be in the wild more than one year. We can find the sample in here http://jsunpack.jeek.org/?report=0fe86b1a6fc27dbd4134d96e68b9153682cc6831. And Metasploit also release a module which can work on winxp+ie8. Now I will give a deeply analysis for this vulnerability.