Escaping the Internet Explorer 8 sandbox appears to be the latest and greatest in Windows exploit development.
In this QuickTime movie (a .MOV file inside a .ZIP), Alex McGeorge of Immunity Inc. uses their CANVAS exploit testing software to demonstrate a new exploit from the White Phosphorus exploit pack. The new exploit breaks out of the IE8 sandbox, allowing shellcode to run in the context of the LocalSystem account.
As McGeorge says in the demo, the IE8 sandbox has proven to be "quite formidable." It runs browsing sessions in low-integrity processes with very limited rights. Many exploits run inside the IE8 sandbox, but from there they can't do anything that makes the exploit worthwhile.
At last week's PWN2OWN contest at the CanSecWest conference, researcher Stephen Fewer broke out of the IE8 sandbox with a 0-day bug, apparently in IE8 itself. Fewer agrees that IE8 is a tough target and that sandboxes make exploitation much harder: