Win32/Vista IE exploitations?

[K2 <ktwo () ktwo ca>]

I've been writing this exploit for IE (XP2 & Vista in scope, IE6 isn't as 
there are so many other bugs in that it's pointless to target), let's call 
it;
f7313c45262258a7f695c6898138e7e8

I'm currently working on upping the reliability.  I'm at 80% now.

Does anybody have any decent cross thread surviveability techniques? 
The case is, process heap overwrite such that, a second exception handler from 
some other thread fires before I can set unhandled processing.

-- 
Our problems are so serious that the best way to talk about them is
lightheartedly.