This is assuming they first run an exploit to penetrate the firewall (ICF version 2 in SP2 helps prevent that), and then exploit the machine to gain process administrative privileges (kernel/process memory protection offered by SP2), and then inject an attack via IE (Which is being fixed as we speak, and MS already stated that they want people to use browsers other than IE)