Charles said:Uxtheme Rafael said:*snip*
Yes. The problem scenario relies on an infected machine. This infection exploits UAC's default behavior to auto-elevate signed system binaries to achieve silent rights elevation. Of course, if UAC was a security boundary, then it would not possess such behavior.
Charles, please realise the machine does not have to be infected. That is the simplest method of attack. But as we all know, malware/rootkits thrive on stealth, and remote code execution vulnerabilities on applications you already trust like Microsoft Office, Mozilla Firefox, Adobe Reader will also be suspectible.
That of course is just looking at at the dark side of the moon. On the bright side, legitamite application developers can (and intends to) use this vulnerability to also silently elevate themselves.If it comes to that, there will be no separation between medium-level and adminstrative-level applications because one can switch between the two silently.