This vulnerability allows attackers to escalate privileges on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of junction points in the Favorites folder linked to other folders. An attacker running code in the context of a low-rights Internet Explorer process can set up a junction point in the Favorites folder and then the IE broker process will change access control rights in the targeted folders (which are normally unmodifiable by the low-rights process). An attacker can leverage this vulnerability to execute code under the context of a medium integrity process.