The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.
This is not a deal breaker since the accord the US, France and Russia initialized Wednesday only foresees removing 80% of Iran's known supply of enriched uranium to Russia.