Charles said:
LeoDavidson said:
*snip*

How does this code get on the target client? Is that a fair question?

Answers:

1.) If there is a already a vulnerable trusted app installed on the user's system and executing when somehow you exploit it in proc via, say, some memory attack, e.g., buffer overrun, which then executes this code in context.

2.) If the user chooses to run an unsigned exe containing this code from an untrusted source, say, from your website.

Please read Jon's post again. Then, read it again. http://blogs.msdn.com/e7/archive/2009/02/05/update-on-uac.aspx

C

 

Charles said:
How does this code get on the target client? Is that a fair question?

Somebody puts a Sony audio CD in their PC to listen to music?

No, it isn't a fair question, because it skirts the real point. If the distinction between Medium and High IL doesn't matter, why bother having UAC prompts for it at all? Why not just run every application except Internet Explorer with full Administrator rights? Why doesn't Microsoft recommend running as Administrator for all users?