US CERT recently published some info on a vulnerability in Windows Explorer to specifically malformed OLE objects.  Based on currently available information, this appears to be a relatively low-level DoS threat, without a code execution capability.

We've added this to our listing of "open issues" in MS products found here.