Vulnerability is related to a lack of enforcement of security policies assigned to URL Security Zones. When a remote site attempts to access a local resource, IE will fail to enforce the Zone Elevation restrictions. IE will not properly enforce the Security Zone permissions, allowing a site belonging to a less secure zone to be treated as a more privileged one. The vulnerability relies solely on the ability for a would-be attacker to provide malicious HTML content from a website and to predict the full pathname for the file that will be used to cache it locally on the victim’s system.
Source: https://www.coresecurity.com/core-labs/advisories/ie-security-zone-bypass