|CVSS SCORE||6.9, (AV:L/AC:M/Au:N/C:C/I:C/A:C)|
The specific flaw exists within the use of the ActiveX install broker. The broker allows files to be installed to arbitrary paths from within the Internet Explorer sandbox and subsequently executed. An attacker can leverage this vulnerability to execute code under the context of the user at medium integrity.
Microsoft has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Yuki Chen of Qihoo 360