This vulnerability allows remote attackers to bypass the Enhanced Protected Mode sandbox of vulnerable installations of Microsoft Internet Explorer and disclose file contents. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Internet Explorer Add-on Installer component. An attacker can use this component to read the contents of any file that the current user has access to.