Charles said:
ManipUni said: *snip*
Interesting. So, it uses Calculator to escalate. Of course, it got on to the system to execute in context (I believe you used an exploit in an installed application as the doorway for the exploit package). But, forget that for now. Can you elaborate on the UAC exploit pattern?
Launch Calculator. Find Calculator's process. Use WriteProcessMemory to inject instructions into the process. Have Calculator escalate either Adobe Reader or any other process of your choice.
Why wouldn't this work with full UAC?
Because Calculator isn't running with the rights to escalate Adobe Reader or anything else.