Microsoft Internet Explorer NonQuotedCmdLine Protected Mode Escape Exploit (MS13-055)

An error in the way the GetSanitizedParametersFromNonQuotedCmdLine() function in the Internet Explorer broker process handles command-line arguments when trying to launch a program can be exploited to escape from the Internet Explorer Protected Mode sandbox. This module allows an agent running in the context of iexplore.exe with Low Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2013-4015
Product Version: 
2013_R2
Released Date: 
Wednesday, December 4, 2013 - 00:00