CVE-2023-35308: Windows MSHTML Platform Security Feature Bypass Vulnerability

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must send the user a malicious file and convince them to open it.