Researcher Reveals 2-Step Microsoft Vista UAC Hack
A web application developer has found a way to hack Windows Vista through its User Account Control (UAC) feature. The two-step attack allows malicious code to infect Vista systems even from accounts running under the limited privileges afforded by UAC.
Robert Paveza, a web application developer with marketing firm Terralever, has published a paper titled “User-Prompted Elevation of Unintended Code in Windows Vista” illustrating a two-step process for exploiting Windows Vista’s User Account Control.
Full article here: Source