An error in the way the GetSanitizedParametersFromNonQuotedCmdLine() function in the Internet Explorer broker process handles command-line arguments when trying to launch a program can be exploited to escape from the Internet Explorer Protected Mode/Enhanced Protected Mode sandbox. This module allows an agent running in the context of iexplore.exe with Low Integrity Level/AppContainer Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level.

CVE Link

Exploit Platform

Windows

Exploit Type

Product Name

Microsoft Internet Explorer NonQuotedCmdLine Protected Mode Escape Exploit (MS13-055)

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum