Microsoft Internet Explorer Enhanced Protected Mode Read-Restrictions Bypass Vulnerability

This vulnerability allows local attackers to partially escape AppContainer limitations on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the IShdocvwBroker::EditWith broker API call. The issue lies in the failure to check for registry symbolic links before recursively traversing the key. An attacker can leverage this vulnerability to read the contents of any key within the HKCU registry hive, bypassing the read restrictions designed into EPM.