Microsoft Internet Explorer File Integrity Level Protected Mode Bypass Privilege Escalation Exploit (MS11-057)

The Protected Mode of Microsoft Internet Explorer can be bypassed by exploiting a logical flaw when checking the Integrity Level of a file. This vulnerability allows an agent running in the context of iexplore.exe with Low Integrity Level to install a new agent that will run with Medium Integrity Level, by launching the browser against an HTML file having Untrusted Integrity Level. This module needs to re-exploit Internet Explorer with any web browser exploit that has been proved successful against the target (i.e an exploit that was able to install an agent on the target). The user must specify the URL of any web browser exploit (typically the same one used to install the Low Integrity agent) which is already running in Core Impact through the BROWSER EXPLOIT URL parameter.