Bromium report has the information plus a lot more.
Two items of note in the report:
1. the type of exploits occurring in IE, Java and Flash
The security system of the Operating system(ASLR and DEP) was exploited in Zero-day attacks in Internet Explorer(IE).
The new Adobe Action Script feature was exploited in Flash
And in Adobe reader the sandbox master process was bypassed
2. there are good news in the patching of the vulnerabilities.
The IE patches are coming out much faster than before. From 80 days to 10 or less.
My take on it is Microsoft realizes speed is of the essence in security breaches.
although as usual there are a lot of IE vulnerabilities. As per the latest IBM XPU (34.070) there are 5 IE memory corruption vulnerabilities included in the XPU update.