The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
http://twitter.com/thezdi/statuses/309756927301283840
http://twitter.com/VUPEN/statuses/309713355466227713
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157