A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries. The vulnerability allows Internet Explorer to bypass Mark of the Web warnings or restrictions for files downloaded or created in a specific way. In a web-based attack scenario, an attacker would need to host a malicious file that is designed to exploit the vulnerability and then convince a user to download the malicious file and then open the file in Internet Explorer. The security update addresses the vulnerability by modifying how urlmon.dll handles Mark of the Web queries.