
Analysis from the FireEye research team outlining how it's done: http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-d...


TLDR: It's done with Flash. Quelle Surprise.

Disabling the Flash plugin within IE will prevent the exploit from functioning.


To be fair, it sounds like it uses a combination of an IE bug and Flash bug.

The exploit leverages a previously unknown use-after-free vulnerability, and uses a well-known Flash exploitation technique to achieve arbitrary memory access and bypass Windows’ ASLR and DEP protections.

...

The SWF file calls back to JavaScript in IE to trigger the IE bug and overwrite the length field of a Flash vector object in the heapspray.


For now. Reading into it, it seems like they found one of the useful UAFs that facilitates a memory write instead of your less useful CALL virt_func. Flash is just a means to create an infoleak by overwriting the vector length; it is likely that you could do the same without any dependencies by just targeting IE itself.



