VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused due to an invalid handling of a sequence of actions aimed to save a file when calling "ShowSaveFileDialog()", which could be exploited by a sandboxed process to write files to arbitrary locations on the system and bypass IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.
700a7758a2ea45f7d7adc64c38c0a1f3ef968cb15f258ae383dc779133000aca