I've seen a similar problem before, and while I'm not 100% sure why this worked, I cleared the clients temp folders, browsing history, and Java cache.
I then rebooted the boxes and tried the attack again, and it worked like a charm.
The only guess I could take would be that there was some kind of problem overwriting the java.exe file that the exploit drops into the users temp directory.
At any rate, it's an easy fix, and it's worth a shot. Good luck.