It does worry me, not that people are still finding bugs in IE, but that those bugs are so prevalant and easy to find, and nobody has bothered to actual fix the cause (not just patch the resulting symptom).
Use-after-free = we don't track variable state / memory handling properly and could crash your browser in a second even in normal use.
ASLR = defeated by making IE load an "old" pre-ASLR DLL (why do those still exist, and why don't their addresses get randomised by some wrapper for them?)
DEP = defeated by putting "jmp" statements into the data area (instead of literal code) that call into executable memory which does the actual work instead. (Why is this allowed and why does the "jmp" not get classed as an execution in a data area too?)