Pretty sure IE will be shown as an escape vector any day now.
If a "lone" application like IE can break the sandbox, it's not a sandbox at all. If the idea is to run applications in an isolation environment that basically mimics the external environment, IE should have broken Windows too, not just the sandbox. Clearly IE is doing something so low-level that the virtualized environment couldn't handle it. That tells me it's low enough that it will probably expose the primary system to the sandboxed environment somehow.
Otherwise, why can't I just use the sandbox without trying to launch IE?
Until Microsoft kills IE and permanently divorces it from the underlying OS, Windows will NEVER be secure.