Yesterday there was this article about visual basic used as a virus vehicle in Word . and from earlier we remember how an infected flash object in an excel spreadsheet was used to effect the RSA hack
if you think of your computer as a castle with the kernel being the Keep of the Castle -- and the various application regions being the "Towers" you see that when this mechanism is operating properly a hacker can't get into the "Keep" -- nor can he get from one "Tower" to another...
...unless someone opens one of these executable documents: all the Towers belong to the same King: you. And they all use the same credentials: yours: the ones you logged on with.
what this means: if the Lord of the North Tower opens an infected executable document he now has access to all the same directories that the other Towers have.
back to reality: If you have access to (e.g.) PeopleSoft and you open an infected document in e/mail that infected document can now access PeopleSoft. This is the case for AppArmor: you should access PeopleSoft ONLY with the PeopleSoft app. software. AFAIK this can only be defined using AppArmor.