- 12 February 2011 - IE Zero-day discovered by Vupen.
- 13 March 2014 - Vupen reported to Microsoft.
- 11 June 2014 - Microsoft Released patch and publicly released the advisory.
Sandbox is security mechanism used to run an application in a restricted environment. If an attacker is able to exploit the browser in a way that lets him run arbitrary code on the machine, the sandbox would help prevent this code from causing damage to the system. So, if attackers are able to bypass the sandbox mechanism, they could run malicious code on the victim’s machine.
"The vulnerability is caused due to an invalid handling of a sequence of actions aimed to save a file when calling 'ShowSaveFileDialog()', which could be exploited by a sandboxed process to write files to arbitrary locations on the system and bypass IE Protected Mode sandbox," wrote the company.