IE is only part of it. Flash would be another gaping security hole across most browsers, and one that can hit people going to legitimate sites too. Flash banner ads can (and do) frequently carry malware payloads that the site owners aren't even aware of. This is how most peoples MMO accounts are being hacked, with some recent nasty code even defeating the Vasco authenticators. It managed to sniff the code the user was typing in, and sent it real time to the hackers who were standing by to log in before the code was invalid.