Shocking quote from the person that found "part" of the vulnerability:
"I can only say that Microsoft's suggestion for a workaround is not enough. This combined Safari/IE vulnerability might still be successfully exploited, even if the user will change Safari's download location. Also, the Safari "Carpet Bomb" vulnerability can be used in combination with vulnerabilities in other products, so even if MS fixes their vulnerability, Safari users will still be vulnerable.
The current best solution is to stop using Safari until Apple fixes their vulnerability."
(Bold typeface in quote added by me . . .)
Also, if you want to know what the first part of the vulnerability in Safari could potentially do to your desktop -- see this site (pics and tech info):