Are you talking about the UI controls or the browser?iexplore.exe could be deleted at any time. Ofcource because explorer.exe also could handle URLs you could technically still browse via it. (Though I'm pretty sure that by default only URLs in the local/trusted zone were allowed)
And then I believe the help component also relied on the rendering engine. Although the hcp:// vulnerabilities were in the protocol handler (helpctr.exe) and the ms-help:// vulnerabilities were also in the protocol handler which allowed the attacker to bypass ASLR/DEP.
And then I believe the help component also relied on the rendering engine. Although the hcp:// vulnerabilities were in the protocol handler (helpctr.exe) and the ms-help:// vulnerabilities were also in the protocol handler which allowed the attacker to bypass ASLR/DEP.