In the paper they say that they have found a way to corrupt memory, but they need a process with higher rights to execute that corrupted memory; otherwise they can't damage the system (buffer overflows).

Now IE runs in Vista with low rights (IE protected mode). If they are able to make IE execute the code, they can't do much with it: the IE process doesn't see the file system as it is, nor is the code that is executed within the IE process able to alter or corrupt system files or users' files.

The paper says nothing about how or if they break out of the IE sandbox. They probably haven't found a way to do it, otherwise they would have added that too - seeing how many different ways of attack they address and describe in their paper.

I'm really curious about the response from our security guys...